bankingciooutlook

Don't be Held Hostage. Learn How the Banking Industry Can Defend against Ransomware

By Tom DeSot, EVP & CIO, Digital Defense

Ransomware attacks have risen to prominence this year through high-profile incidents at financial institutions, hospitals, law firms, retailers and even government offices. The U.S. Federal Financial Institutions Examination Council stated early in 2016 that it, too, is seeing a concerning increase in the number and severity of these attacks on financial institutions and banks, involving extortion and cyber fraud.

Cyber fraud is the use of Internet services, or of software with Internet access, to deceive and defraud victims, whether individuals or organizations, for financial gain. Ransomware is one example. Ransomware is malicious software that restricts access to the infected computer system until the user pays a ransom to the malware operators to lift the restriction. Some forms of ransomware systematically encrypt the files on the system's hard drive, while others simply lock the system and display messages intended to coax the user into paying. Ransoms can range from $300 to $50,000. In some cases the criminal threatens to destroy all data if the victim fails to meet the demands or attempts to remove the malware without paying.

While financial institutions are generally regarded as being at the forefront of information security, owing to the strict compliance requirements and regulations placed on them, they are certainly not immune to cyberattacks. Most financial institutions strive to have technologies in place that quickly identify vulnerabilities and mitigate the risk of a data breach. However, regulators and most security professionals are realizing that effective protection of sensitive data requires a balance between leveraging technology and mitigating security risk.

Defending against ransomware attacks entails a level of preparedness similar to what banks and their employees should be doing to defend against all types of cyberattacks. Here are a few ways that banks and financial institutions can protect against ransomware.

Implement User Education

Users need to be educated about the risks associated with ransomware and understand what they can do to help the company avoid infections. The first step for banks is to learn as much as possible about social engineering, including the ins and outs of remote social engineering techniques such as email phishing and "drive-by downloads" from fraudulent websites that host malware. Because financial employees are often more savvy and security-aware, attackers have to work harder at their social engineering, but that certainly does not stop them. Bank-focused ransomware will often attempt to trick victims into believing that a message they receive is an official government communication, using images such as the official crest of the FBI or the Department of Homeland Security.

Another method is the use of infected USB thumb drives. Attackers not only trick people into clicking malicious links in phishing emails and other electronic communications, they also lure employees into granting them physical access to a device and the company's network. With this tactic, a cybercriminal scouts the physical location of the bank or institution and leaves infected USB drives around the premises. Who doesn't love a free USB drive, right? The drive will be labeled, or contain files named, with something enticing such as "2016 Bonus List" so that employees open the file(s), which activates the malware.

The key to defending against social engineering is ensuring that every employee in the company works together to identify and guard against it. Train all employees regularly, making sure they never open unknown emails or pick up unknown USB drives. Ransomware is often the easiest form of malware with which to infect a computer system. Keeping threats like ransomware top of mind for employees improves their ability to detect this and other forms of malware and avoid becoming a victim.

Keep Software Up-to-Date

It is imperative that all personal computers (desktops, laptops, etc.), as well as corporate email and file share servers, run anti-virus and anti-malware software. The software must be kept up-to-date to ensure that the latest signature sets are available to detect both new and existing ransomware.

Make Patching a Priority

At a minimum, automatic update mechanisms such as Windows Update need to be enabled so that your workstations (desktops, laptops, etc.) receive updates. However, user software installed on those workstations needs to be updated as well, so that ransomware cannot exploit a weakness in Adobe Flash®, Microsoft® Office, or other software packages.

Move Forward with Backing up Workstations and Servers

Backing up workstations and servers is an important component of any recovery effort associated with ransomware. Companies should complete full backups at least weekly and then perform incremental or differential backups daily to ensure that any files created or modified on the system are backed up.
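The weekly-full, daily-incremental schedule just described, carried through as a small backup planner. This is an added example, not the article's or Digital Defense's own code: it copies a source tree into dated backup folders and keeps a manifest of file digests so that an incremental run copies only the files created or modified since the previous run. The "full backup on Sundays" policy, the `state.json` file name and the folder naming scheme are assumptions made for this example, and the sample files in the demo are constructed.

```python
"""Weekly-full, daily-incremental backup planner (added example).

Assumptions: Sunday is full-backup day, run state lives in state.json under
the backup root, and each run writes to a folder named <date>-<kind>.
"""
import hashlib
import json
import shutil
from datetime import date
from pathlib import Path
from typing import Dict, Optional

FULL_WEEKDAY = 6  # assumption: Sunday (date.weekday() == 6) is full-backup day


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, so unchanged files are not copied again."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path) -> Dict[str, str]:
    """Map every file under source (relative POSIX path) to its digest."""
    return {p.relative_to(source).as_posix(): file_digest(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def choose_kind(day: date, last_full: Optional[date]) -> str:
    """Full on the full-backup weekday, or whenever no full is at most a week old."""
    if last_full is None or day.weekday() == FULL_WEEKDAY or (day - last_full).days >= 7:
        return "full"
    return "incremental"


def run_backup(source: Path, backup_root: Path, day: date) -> dict:
    """Perform one backup run for `day` and report what it copied."""
    backup_root.mkdir(parents=True, exist_ok=True)
    state_file = backup_root / "state.json"
    state = (json.loads(state_file.read_text()) if state_file.exists()
             else {"last_full": None, "manifest": {}})
    last_full = date.fromisoformat(state["last_full"]) if state["last_full"] else None
    kind = choose_kind(day, last_full)

    current = snapshot(source)
    # A full copies everything; an incremental copies only what differs from
    # the manifest left by the previous run (full or incremental).
    baseline = {} if kind == "full" else state["manifest"]
    changed = sorted(rel for rel, digest in current.items() if baseline.get(rel) != digest)

    dest = backup_root / f"{day.isoformat()}-{kind}"
    for rel in changed:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)

    if kind == "full":
        state["last_full"] = day.isoformat()
    state["manifest"] = current  # everything in `current` is now backed up somewhere
    state_file.write_text(json.dumps(state))
    return {"kind": kind, "copied": changed, "dest": str(dest)}


if __name__ == "__main__":
    import tempfile
    work = Path(tempfile.mkdtemp())
    src = work / "src"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "policy.txt").write_text("constructed sample document")
    (src / "ledger.csv").write_text("acct,balance\n1001,250.00\n")
    print(run_backup(src, work / "backups", date(2016, 6, 5)))   # Sunday: full
    (src / "ledger.csv").write_text("acct,balance\n1001,275.00\n")
    print(run_backup(src, work / "backups", date(2016, 6, 6)))   # Monday: incremental
```

Restoring means replaying the most recent full folder and then each later incremental folder in date order. Keep at least one copy of the backup root somewhere the workstations cannot write to: a backup share that is mapped with write access on an infected machine is just another drive for the ransomware to encrypt.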

Limit User Access to Mapped Drives

Ransomware is also getting smarter and is capable of browsing and encrypting data on any mapped drive the end user has access to. Restricting the user's permissions on the share, or on the underlying file system of a mapped drive, limits what the malware has access to encrypt.
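A way to measure that exposure before an incident, as an added example that is not the article's or Digital Defense's own code: given share ACLs and nested group memberships, the audit below reports which shares each user can write to, which is exactly the set of data ransomware running under that user's account could encrypt, and flags shares where a broad group holds write access. Every user, group, share name and ACL entry is constructed; the deny-beats-allow evaluation mirrors the usual Windows rule.

```python
"""Mapped-drive exposure audit (added example with constructed data)."""
from typing import Dict, List, Set, Tuple

AclEntry = Tuple[str, str, str]  # (principal, right, "allow" | "deny")

# Constructed membership: principal -> groups it belongs to directly (nesting allowed).
GROUPS: Dict[str, Set[str]] = {
    "alice": {"tellers"},
    "bob": {"loan-officers", "tellers"},
    "carol": {"it-admins"},
    "tellers": {"all-staff"},
    "loan-officers": {"all-staff"},
    "it-admins": {"all-staff"},
}

# Constructed share ACLs. As on Windows, an explicit deny beats an allow.
SHARES: Dict[str, List[AclEntry]] = {
    r"\\fs01\branch-docs": [("all-staff", "read", "allow"), ("tellers", "write", "allow")],
    r"\\fs01\loan-files": [("all-staff", "read", "allow"), ("loan-officers", "write", "allow")],
    r"\\fs01\it-images": [("all-staff", "read", "allow"), ("it-admins", "write", "allow")],
    r"\\fs01\archive": [("all-staff", "write", "allow"), ("tellers", "write", "deny")],
}

BROAD_GROUPS = {"all-staff"}  # assumption: groups too wide to ever hold write access


def effective_principals(user: str, groups: Dict[str, Set[str]] = GROUPS) -> Set[str]:
    """The user plus every group reachable through nested membership."""
    seen, stack = {user}, [user]
    while stack:
        for g in groups.get(stack.pop(), set()):
            if g not in seen:
                seen.add(g)
                stack.append(g)
    return seen


def can_write(user: str, acl: List[AclEntry], groups: Dict[str, Set[str]] = GROUPS) -> bool:
    """Write access if some effective principal is allowed and none is denied."""
    principals = effective_principals(user, groups)
    write_entries = [effect for p, right, effect in acl
                     if right == "write" and p in principals]
    return "allow" in write_entries and "deny" not in write_entries


def writable_shares(user: str, shares=SHARES, groups=GROUPS) -> List[str]:
    """Shares that ransomware running as `user` could encrypt."""
    return sorted(s for s, acl in shares.items() if can_write(user, acl, groups))


def broad_write_shares(shares=SHARES, broad: Set[str] = BROAD_GROUPS) -> List[str]:
    """Shares where a broad group is granted write: least-privilege findings."""
    return sorted(s for s, acl in shares.items()
                  if any(p in broad and r == "write" and e == "allow" for p, r, e in acl))


def exposure_report(users, shares=SHARES, groups=GROUPS) -> Dict[str, List[str]]:
    """Per-user list of writable shares, for review against job role."""
    return {u: writable_shares(u, shares, groups) for u in users}


if __name__ == "__main__":
    for user, writable in exposure_report(["alice", "bob", "carol"]).items():
        print(f"{user}: {writable}")
    print("broad write access:", broad_write_shares())
```

In practice the membership and ACL tables would be exported from the directory and the file servers; the report is then compared with what each role actually needs, and any share in the broad-write list is the first candidate for tightening.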

Conduct Vulnerability Assessments Regularly

Recurring vulnerability assessments allow a company to identify and address vulnerabilities that may allow ransomware to infect a host. Vulnerability scans should be run at least monthly on all network assets when possible and on new systems as they are brought online to ensure they are properly patched and resilient against attacks from ransomware and other malware. Patching hosts that are discovered to be vulnerable to ransomware attacks should be prioritized over less critical issues.
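The two checks that section implies, as an added example rather than the article's or Digital Defense's own code: which hosts are overdue for their monthly scan (or came online and were never scanned), and in what order findings should be patched so that the weaknesses ransomware typically exploits come first. The hosts, dates, finding categories and CVSS scores are constructed; the 30-day interval and the set of "ransomware-relevant" categories are assumptions.

```python
"""Scan-coverage and triage helper for a recurring vulnerability assessment
programme (added example with constructed data)."""
from datetime import date, timedelta
from typing import List, Tuple

SCAN_INTERVAL = timedelta(days=30)  # assumption for "at least monthly"

# Assumption: finding categories that commonly serve as ransomware entry points
# (client software the user runs, and services that spread it between hosts).
RANSOMWARE_RELEVANT = {
    "client-application", "browser-plugin", "office-suite", "file-sharing", "remote-access",
}

# Constructed inventory: last_scan None means the host was never scanned.
INVENTORY = [
    {"host": "tlr-ws-011", "last_scan": "2016-05-02"},
    {"host": "fs01", "last_scan": "2016-05-25"},
    {"host": "tlr-ws-042", "last_scan": None},
]

# Constructed findings from the most recent scan.
FINDINGS = [
    {"host": "fs01", "category": "web-server", "cvss": 7.5},
    {"host": "tlr-ws-011", "category": "browser-plugin", "cvss": 9.3},
    {"host": "tlr-ws-011", "category": "office-suite", "cvss": 7.8},
    {"host": "fs01", "category": "file-sharing", "cvss": 8.1},
    {"host": "tlr-ws-042", "category": "misconfiguration", "cvss": 4.0},
]


def hosts_due_for_scan(inventory: List[dict], today: date) -> List[Tuple[str, str]]:
    """Hosts whose last scan is older than SCAN_INTERVAL, or that were never scanned."""
    due = []
    for h in inventory:
        if h["last_scan"] is None:
            due.append((h["host"], "never scanned"))
        else:
            age = today - date.fromisoformat(h["last_scan"])
            if age > SCAN_INTERVAL:
                due.append((h["host"], f"last scan {age.days} days ago"))
    return due


def triage(findings: List[dict]) -> List[dict]:
    """Ransomware-relevant categories first, then by descending CVSS within each group."""
    return sorted(findings,
                  key=lambda f: (f["category"] not in RANSOMWARE_RELEVANT, -f["cvss"]))


if __name__ == "__main__":
    for host, reason in hosts_due_for_scan(INVENTORY, date(2016, 6, 10)):
        print(f"scan due: {host} ({reason})")
    for f in triage(FINDINGS):
        print(f"patch: {f['host']} {f['category']} cvss={f['cvss']}")
```

The ordering deliberately puts a moderate-score weakness in a browser plug-in or office suite on a workstation ahead of a higher-score server issue that ransomware does not use to get in; CVSS alone does not capture that.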

With time on their side, attackers have several advantages over companies preparing defenses. They can target one or many vulnerable employees within an organization, using different methods until one is eventually caught unaware. Defenders must be diligent, continually updating systems and training and retraining staff in an attempt to stay ahead of attackers, which is no easy task. While vulnerability assessments, penetration tests and security awareness training won't render a firm completely immune from cyberattacks, evidence has shown that, combined with the tips above, they can significantly reduce security compromises and ransomware incidents.