Ransomware might seem like something that only happens in movies or in shows like Homeland and could not possibly happen to your financial institution. Consider between March and June of 2020, the banking sector saw a 520% increase in phishing and ransomware attacks (Crosman, 2020). Ransomware is a real threat in today’s business world, and an attack can severely inhibit or even completely cease your organization’s operations.
What is Ransomware
Malicious cybercriminals encrypt data on a computer and render the data unstable. The cybercriminal then holds the data hostage until a ransom is paid. A form of cyber blackmail, the threat is to delete the data or release confidential information to the public. A financial institution, like yours, can be faced with the choice to continue operating with locked and infected systems or paying a ransom with no guarantees.
How it Happens
Ransomware is introduced into a network through email, malicious code and malware hidden in advertisements, attachments, hyperlinks or imbedded in the body of a message. Unsuspecting employees open these emails, view the ads, click on links, and download files, all with the possibility of infecting their systems with ransomware or other malicious code. Another common method of infection is through a USB drive previously infected on a user’s less secure home network then plugged into a system at work. Other methods include the exploitation of RDP and VPN vulnerabilities and even the use of unsecure public hotspots.
Why Financial Institutions are Under Attack
Growth of ransomware has risen during the COVID-19 pandemic. While organizations changed from in- person to remote work cultures, cybercriminals saw an opportunity. Financial institutions and banks have become preferred targets as cybercriminals are lured by the possibility of high value client account information. Reports have shown that ransomware attacks are intensifying as data breaches. One out of four incidents reported show that hackers are not only locking up servers and demanding ransoms (Crosman, 2020), confidential data was further extracted for monitory gain. Customer data from a few community banks recently posted on the dark web, indicate ransomware-based data leakage.
Financial institutions with ransomware are likely to make ransom payment to protect their clients and investments. Banks along with government agencies, insurance firms, medical facilities, and other organizations that are heavily reliant on data, are all targets. Healthcare providers face the jeopardy of patient confidentiality loss that could violate the Health Insurance Portability and Accountability Act (HIPAA) and risk of liability.
Ransomware attacks can be prevented with diligence and implementing best practices. Financial institutions, insurance companies and healthcare providers must have robust system backups to promptly reinstate operations in the event of an attack. Backups should include file data, applications, operating systems, and folder structure. Firewalls, filters, and anti-malware can be effective in ensuring that the malware does not spread. A good anti-malware solution blocks malware before it can be executed when a user visits a malicious website or opens an email with malicious content.
Employee security awareness programs should be regularly conducted to inform employees of the dangers and train employees to recognize potential for breaches and malware. Additionally, employees should be advised on how to identify and alert IT teams to suspicious email messages.
Organizations should consider the need for insurance. Cybersecurity risk insurance policies give coverage for the financial effects from a ransomware attack, and these policies become applicable when an organization suffers a breach and provide access to subject matter professionals and fiscal resources necessary to respond.
Ransomware is a threat to your organization’s operations. Attacks have become more sophisticated as organized groups of cybercriminals have invested substantial money, time, and human resources to methods and technique. Businesses, healthcare organizations, and financial institutions should similarly match the investment of cybercriminals by investing in system backup, employee education and protection.
Worthy of note, the FBI does not encourage paying a ransom. Paying a ransom can embolden cybercriminals and encourage further nefarious activities. (cisa.gov, 2021)
For assurance that your organization’s measures to prevent ransomware and other cyberattacks are sufficient, cybersecurity experts, like our team at Vala Secure, can help implement or test your security protocols.
Homeland. (2011-2020). Showtime, https://www.sho.com/homeland
Crosman, P. (2020, October 06). 5 ransomware trends that should ALARM banks. Retrieved February 08, 2021, from https://www.americanbanker.com/news/5-ransomware-trends-that-should-alarm-banks
www.cisa.gov. (n.d.). Retrieved February 8, 2021, from