Ransomware. Protect your financial institution from the fastest growing type of cybercrime.

posted on Wednesday, July 14, 2021 in SHAZAM Blog

You’ve likely heard of the recent cyberattack against the Colonial Pipeline that left much of America’s East Coast with significant fuel shortages and long lines at the pumps. This attack was caused by ransomware. 

Ransomware attacks are becoming alarmingly more frequent as hacker groups and rogue nation states aim to disrupt commerce, steal sensitive information and extort significant amounts of money from their victims. According to Cybercrime Magazine, the costs associated with ransomware are projected to exceed $20 billion. This is 57 times more than the costs associated with ransomware in 2015.

SHAZAM’s mission is strengthening community financial institutions, so we’re also invested in the security of your business. Let us help by offering some insights into ransomware and how to protect your organization. 

What is ransomware?

  • Ransomware is a type of computer malware (malicious software) that encrypts computer files rendering them unavailable to the authorized owner. 
  • The ransomware attacker typically requests a payment (ransom) from the owner to decrypt the files.
  • Ransomware has advanced over time, and many attacks now include stealing sensitive information in addition to encrypting files.   

What damage does ransomware cause?

  • Ransom. The hallmark of a ransomware attack is the request for the victim to pay a ransom to the attacker. Often, the victim is forced to pay the ransom in order to recover valuable data or return to normal business operations.
  • Loss of business. When key business files are encrypted by ransomware, they are unavailable to the business which usually results in unavailability of key IT systems and a degree of lost business. Depending on how long business services are unavailable, this loss can exceed that of the ransom payment amount itself.
  • Damaged reputation. If key business services are unavailable for an extended period, or if customers learn of a ransomware attack before you let them know, this can decrease customer confidence and damage your organization’s reputation. How the incident is handled is key to mitigating loss of reputation.
  • Data loss. If an institution is unwilling to pay the ransom, or problems occur when attempting to decrypt data, the organization may have to go through the costly process of recreating data.
  • Data theft. Ransomware attacks have advanced to exfiltrating (unauthorized movement) sensitive data during the attack. Personally identifiable information (PII), intellectual property, and other sensitive data can be stolen.

How can you protect your organization from ransomware?

  • Data backup. Back up your data regularly and frequently. Ensure the backup locations are logically separated (or better yet, stored offline) from the primary location. If one data set becomes encrypted through ransomware, you may be able to recover that data from the backup.
  • Anti-malware. Make sure your computing devices are protected by anti-malware software to detect and prevent the software that initiates a ransomware attack. It’s preferrable to have “next generation” anti-malware solutions installed. These tools have improved capabilities to identify and prevent ransomware attacks.
  • System patching. Make sure the operating systems and software installed on your organization’s computers are kept up-to-date with security patches and vendor supported versions. This can prevent ransomware from exploiting computer vulnerabilities.
  • Security awareness training. The beginning of a major ransomware attack can be as simple as one employee clicking on a malicious link in an email. Educate your employees on how to spot signs of phishing and other social engineering techniques.

How can you prepare to recover from a ransomware attack?

  • Incident response plan. Your organization should be equipped with a documented incident response plan, so when an incident such as ransomware occurs, you’re prepared to respond with the right steps involving the right people.
  • Ransomware playbook. It may be worthwhile to take incident response planning one step further by documenting steps to be taken should a ransomware attack occur. Being well-prepared can limited the damage that ransomware can cause to your organization.
  • Cyber insurance. Consider purchasing a cyber insurance policy to mitigate the ransomware threat. Make sure you understand the coverage details specifically for the response to ransomware.

If your institution is a victim of ransomware report it to the FBI:

With ransomware attacks trending up, protecting your financial institution from the fastest growing type of cybercrime is imperative. Spend time developing a culture of security where all employees understand their responsibility for maintaining the good cyber hygiene. All it takes in one click on an artful phishing email, attachment or fraudulent hyperlink to download malware onto your financial system. Stay vigilant!

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 


comments powered by Disqus