There’s something financial service firms have a lot of: Data. In particular, financial services and their extensive networks hold a lot of sensitive customer data, in the form of bank account information, credit card numbers, Social Security numbers, and much more. What’s more: Most financial service companies rely on access to said data to perform most of their day-to-day operations, making them ideal targets for a type of exploitative software attack called ransomware.
While the word “ransom” may conjure images of pirates, James Bond, and FBI hostage negotiators, there’s a whole category of cyber criminals who specialize in seizing an organization’s data and effectively holding it hostage, demanding a ransom be paid for its release. As economic digitization proliferates, so does the hacking of major and minor organizations alike – with victims ranging from individual bloggers to public sector networks, where breaches can debilitate entire communities.
One such unlucky example was Riviera Beach, FL, which lost access to all of its data and digital emergency response capabilities after a hacker secured access to local government computer systems. To regain access – and reinstate countless municipal functionalities – the city had to pay the hacker $600,000 worth of Bitcoins. Another lengthy encounter with a hacker meant that one Michigan county lost access to its tax department for almost an entire month.
The repercussions of a malware attack vary by industry, but the implications for financial service companies can include facing liability for customer fraud charges, losing significant trust, funding credit monitoring, and, of course, the large expense of regaining access to data. When ransomware is the culprit, the person behind it is a type of hacker called a “Black Hat Hacker,” who intentionally exploits organizations for personal profit – hence the ransom.
What is ransomware, exactly?
While aptly named, ransomware – and malware in general – can be difficult to understand for those of us who don’t make a living in web development and coding. You can think of a ransomware attack much like a virus: It looks for vulnerabilities in a site’s software, akin to a digital immune system, and takes root, spreading quickly to connected systems.
Ransomware is typically introduced via a phishing scam, through holes in unpatched software, or through something called a “drive-by download,” which happens without a user’s consent or knowledge. Once it’s been downloaded, ransomware encrypts a computer’s files, making them inaccessible to the owner – essentially locking them in a digital safe. Encryption is a wonderful tool when you hold the key to your own encrypted data, but it’s not so great when your digital property has been made inaccessible to anyone but the hacker who locked it up.
Saturdays are particularly popular for ransomware attacks, since most of the IT staff is off duty. While some people worry they won’t know whether or not ransomware has been installed on their computer, it’s almost always immediately clear. Drives on the computer will become inaccessible and display file extensions that read .aaa, .micro, .crypt, etc., and users often receive alerts that demand ransom in exchange for a digital key to decrypt the files.
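The extension indicators above can be turned into a simple check over a file inventory. This is an added example, not part of the original article: only the three extensions come from the text, while the file listing, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# The three extensions named in the article; real families use many others.
SUSPECT_EXTENSIONS = {".aaa", ".micro", ".crypt"}

# Constructed sample: a file-share inventory, one path per entry.
SAMPLE_LISTING = [
    "/srv/share/finance/q1.xlsx.crypt",
    "/srv/share/finance/q2.xlsx.crypt",
    "/srv/share/finance/payroll.csv.CRYPT",
    "/srv/share/finance/notes.txt",
    "/srv/share/hr/handbook.pdf",
    "/srv/share/hr/old.micro",
    "/srv/share/hr/roster.xlsx",
    "/srv/share/hr/policy.docx",
]

def suspect_counts_by_dir(paths):
    """Return {directory: (suspect_files, total_files)} for a file listing."""
    counts = defaultdict(lambda: [0, 0])
    for p in paths:
        path = PurePosixPath(p)
        entry = counts[str(path.parent)]
        entry[1] += 1
        # Only the final suffix matters: "q1.xlsx.crypt" -> ".crypt".
        if path.suffix.lower() in SUSPECT_EXTENSIONS:
            entry[0] += 1
    return {d: tuple(c) for d, c in counts.items()}

def flag_directories(paths, min_suspect=3, min_ratio=0.5):
    """Directories where suspect files are both numerous and a large share
    of the contents, so one stray file does not raise an alert."""
    flagged = []
    for d, (suspect, total) in sorted(suspect_counts_by_dir(paths).items()):
        if suspect >= min_suspect and suspect / total >= min_ratio:
            flagged.append(d)
    return flagged

if __name__ == "__main__":
    for directory in flag_directories(SAMPLE_LISTING):
        print("possible mass encryption in", directory)
```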
Once you’ve been targeted by a hacker, recovering from a ransomware attack can take months, and it often includes a mandatory forensic examination, which is costly. Customers must also be notified (in writing) of the hack if any personal information was accessed. What’s worse is that there’s no way to know for sure you’ll receive a decryption key once the ransom is paid – much like in James Bond movies, you are relying on the hacker’s word.
For this reason and many others, the FBI doesn’t even recommend paying the ransom to hackers when they’ve breached a site. Instead, prevention is your best policy, and the right precautions can make the impact of a ransomware attack entirely manageable.
How to protect your company from a ransomware attack
Most of the time, hackers choose target sites based on two major factors: website vulnerabilities and the potential for a high ransom. Public sector organizations and private sector businesses are among the most frequent victims, thanks to the impact encryption would have on their day-to-day functions, as well as a likelihood that they have ample cash to pay out.
Beyond the ransom itself, hackers often seek out credit card information to collect, contact information to sell, and classified information to extort, using this information to take out loans, access bank accounts, create fake identities, and more.
According to cybersecurity expert Norton, most ransomware attacks have been linked to poor (or bare bones) protection practices, making them the first stop when it comes to prevention. Here are steps you can take to make becoming the victim of a ransomware attack far less likely:
- Back up your computers/devices constantly. Be sure to do so on a separate device that can’t be accessed from your network, like on an external hard drive. This makes whatever data is being withheld from you obsolete.
- Update sites after security “patches,” which correct software vulnerabilities, are released, as this is a major way that ransomware is seeded.
- Offer cybersecurity training to all employees, including drills that illustrate what kinds of links and emails might be phishing schemes.
- Verify website addresses sent to you in emails before clicking on them, even if the emails come from people you know. Many phishing scams use legitimate company names and make minor changes to the URL to entice users to click on links.
- Implement software restriction policies, so that computers automatically block unauthorized software downloads.
- Configure access controls, which determine what employees can do with data. Write-access should be reserved for those who can alter or interact with data, while read-access can be given to others.
- Make sure any personal information you enter online is encrypted by the site itself. Ransomware attacks often begin on other sites!
- Double check with your IT department when your computer prompts a software download or update. While these are often legitimate, they are often malware or ransomware.
- Don’t provide personal information when answering unsolicited phone calls, strange emails, etc.
- Use reputable antivirus software and a firewall. Along with creating consistent backups, these are among the most effective ways to avoid a ransomware attack.
- Use content scanning and filtering on email servers. These will partially block malicious attachments and links.
- Use a Virtual Private Network (VPN) when accessing public WiFi away from the office to protect data.
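The address check from the list above (phishing links that make minor changes to a legitimate URL) can be automated at a mail gateway or in training tooling. This is an added example, not part of the original article: the trusted domains, sample links and function names are constructed, and it does not cover look-alike Unicode characters.

```python
from urllib.parse import urlsplit

# Assumption: the domains the organisation really uses (constructed values).
TRUSTED_DOMAINS = {"northbank.example", "northbank-cards.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    # urlsplit().hostname ignores any "user@" prefix, so a trusted name
    # placed before an "@" is never mistaken for the real host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    for d in trusted:
        # Compare the same number of trailing labels as the trusted domain.
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])
        # Near-miss spelling, or the trusted name used as a leading label
        # of some other domain (northbank.example.verify-login.test).
        if edit_distance(tail, d) <= max_distance or host.startswith(d + "."):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("https://login.northbank.example/reset",
                 "https://n0rthbank.example/reset",
                 "https://northbank.example.verify-login.test/reset",
                 "https://weather.test/today"):
        print(classify_link(link), link)
```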
Of course, sometimes disaster hits regardless of how thorough your prevention might be. If you are targeted by ransomware, here are initial steps to take:
- Restore any files from your backup, if you have one.
- Isolate the infected system, which means removing the affected device or computer from all networks, disabling its wireless capabilities, disconnecting it from all shared and networked drives, and collecting encrypted devices in a central location.
- Make sure backup data is offline and secure to keep it protected.
- Turn off computers and devices to avoid the spread of the ransomware.
- Immediately report ransomware incidents to the IT help desk or security office.
- Change all passwords once the ransomware has been removed from your devices.
While ransomware attacks can certainly be debilitating, they are often preventable through good cybersecurity practices, thorough backups, and an informed staff. The nature of ransomware can be difficult to understand for those of us who aren’t well-versed in development and coding, but a little education goes a long way!