Ransomware is the latest cyber extortion tool devised to threaten both businesses and individuals. Having affected financial institutions, hospitals and many other types of organizations, ransomware has been featured prominently in the news over the past few years.
In 2015 alone, the Federal Bureau of Investigation (FBI) reported 2,400 ransomware-related complaints totaling a loss of more than $24 million. While some of those affected have paid the ransom and recovered their computer data, others have lost theirs forever.
What is ransomware, and how can banks protect themselves against this formidable risk?
Similar to a virus, ransomware is malicious software that infects a computer. It can arrive via several mechanisms: as a malicious email attachment, embedded in a download from a malicious website, attached to a phishing email, or through a Web link that automatically downloads the ransomware when it is clicked.
Once a user's files and documents are encrypted, they become inaccessible until a ransom is paid. A user is instructed to pay the ransom within a certain timeframe and through a method that is fairly convenient yet difficult to trace back to the criminals. This may include wire transfers, pre-paid payment cards, Bitcoin or premium-cost SMS services. While criminals say they will provide the user with the decryption key necessary to recover their files, there is no guarantee that data will be recovered after the ransom is paid. Additionally, paying the ransom does not prevent future infection with the same or different ransomware, so the cycle can repeat.
Another type of ransomware locks a user's device to prevent its usage. The lock message often accuses the user of a crime and appears to come from a branch of law enforcement. The files may not be encrypted during this attack. If the lock screen ransomware is removed, the files are typically untouched.
While everyone is at risk for ransomware, banks are particularly attractive targets. Criminals recognize that financial institutions maintain a bevy of personally identifiable information and have the funds to pay a potentially lucrative ransom.
Beyond losing their files, banks that fall victim to ransomware can face monetary and business interruption losses, legal and IT service fees, lack of employee productivity and, most importantly, compliance and reputational risks.
The most effective defense against ransomware is prevention, and banks must take precautionary measures to protect themselves and their customers.
Despite a bank's best efforts to protect against ransomware, an incident may still occur. If it does, both the FBI and the Federal Financial Institutions Examination Council (FFIEC) encourage ransomware victims to notify law enforcement immediately. Law enforcement officials, such as the FBI, can assist in determining whether or not it is in the bank's best interest to pay the ransom.
In addition, the FFIEC recommends notifying the appropriate bank regulatory authority of any ransomware incident, and possibly filing a Suspicious Activity Report. Banks may also file a notice of a ransomware incident on the FBI's Internet Crime Complaint Center at www.ic3.gov.
Ransomware is a rising threat for U.S. businesses as an increasing number of cyber criminals adopt it as their newest method of extortion. According to the FBI, these criminals collected $209 million in the first quarter of 2016, which puts ransomware on pace to be a $1 billion crime in 2016. Banks must take preventative measures to avoid falling victim to a ransomware scheme and suffering potentially irreparable losses.
This article is provided for general informational purposes only and does not constitute legal or risk management advice. Readers should consult their own counsel for such advice.