Pub. 6 2016-2017 Issue 2

Over a Century: Building Better Banks - Helping Coloradans Realize Dreams, September • October 2016

Ransomware Is on the Rise

Feature article by Clinton Wanner, Security Analyst, Garland Heart

You receive a legitimate-looking email with an attachment and open it. You determine that the email is not important, or dismiss it as spam, but it is too late. Quietly in the background, an application begins running that encrypts or scrambles all the data on the workstation and mapped network drives. It is not until you try to open a needed file that you realize what is happening. You have been locked out of your own documents.

According to the Department of Justice, in 2015 there were over $24 million in losses directly related to ransomware. That figure covers only the 2,500 ransomware incidents that were reported to the Internet Crime Complaint Center (IC3). The US Federal Financial Institutions Examination Council (FFIEC) has already warned banks that ransomware is on a sharp rise, largely because it is a successful revenue-generating scheme.

The goal of ransomware is to catch organizations and individuals alike off guard and hold their data hostage until the affected party pays the ransom. Is your bank protected? Follow these seven steps to help prevent your bank from becoming a victim of ransomware.

1. Train your employees. If your employees know what to look out for, they can become your most important line of defense in preventing a ransomware attack. Fun fact: the Human Resources department is the most likely to catch a ransomware infection, because its staff open attachments daily.

2. Utilize a spam filter to block compressed (.zip) and executable (.exe) attachments. Keeping files that have the potential to hide ransomware from entering your bank's network could stop it dead in its tracks.

3. Disable macros from running. Ransomware creators are getting smarter and embedding their malicious code inside common MS Office documents such as docx, ppt, and xlsx. Disabling macros would prevent this code from being run on a potential victim's machine.

4. Ensure that each machine is running anti-virus software with up-to-date definitions. If a known version of ransomware manages to get to your system, your anti-virus software should be able to stop it before encryption starts.

5. Follow the rule of least privilege. Only grant users administrative access to their machine if absolutely necessary, and only use administrator accounts when essential.

6. Prevent programs from executing in Temp and AppData folders. These are the common directories where ransomware has been known to hide and execute from. Whitelist applications that need this access.

7. Get an Intrusion Prevention System (IPS). A good IPS can detect and stop known variants of ransomware from phoning home to get an encryption key. Without this key, certain types of ransomware cannot encrypt your data.

Your bank has been hit by ransomware. What do you do now?

Initiate your incident response plan. You planned ahead and already have defined procedures for handling ransomware, right? Find the offending machine and remove it from your network immediately. This is paramount in stopping more files on your network from being encrypted, and it can reduce the amount of data needing to be recovered.

Remember that IT guy who kept bugging you for more money to let him create backups of everything? I hope you listened. The only way to get out of this mess is to restore all affected systems from backups, or roll the dice and pay the ransom. The FBI has previously said it “does not support paying a ransom to the adversary”. This is due in part to cases where a victim has paid the ransom in untraceable bitcoin but never received the decryption key.

Defining and implementing a solid backup strategy will not only save you in the event of being hit by ransomware, but also aid in business continuity efforts after a hardware failure or natural disaster. Back up all critical systems regularly and test those backups to ensure your ability to restore from them if ever needed.

Clinton Wanner can be reached at info@garlandheart.com or (800) 999-2495. You can also visit www.garlandheart.com
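Step 2 of the prevention list, as an added example that is not part of the original article: a minimal attachment check of the kind a mail filter applies, which stops .zip and .exe attachments by name and also catches an executable that has been given a harmless-looking name. The function names, addresses and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The two attachment types named in step 2. ZIP is matched by name only:
# .docx/.xlsx files are ZIP containers too, so a content check for ZIP
# would also stop every modern Office document.
BLOCKED_EXTENSIONS = (".zip", ".exe")
EXE_MAGIC = b"MZ"  # first two bytes of a Windows executable


def blocked_reason(filename, payload):
    """Return why an attachment should be stopped, or None to deliver it."""
    # Windows ignores case and trailing dots/spaces, so normalise first.
    name = (filename or "").lower().rstrip(". ")
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return f"extension {ext}"
    if payload.startswith(EXE_MAGIC):
        return "content is a Windows executable"
    return None


def scan_message(raw_bytes):
    """Return [(filename, reason)] for each part the filter would stop."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into forwarded messages
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        reason = blocked_reason(part.get_filename(), payload)
        if reason:
            hits.append((part.get_filename(), reason))
    return hits


def build_sample():
    """Constructed message: a mislabelled executable, a ZIP, a text file."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "teller@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for data, name in ((b"MZ\x90\x00" + bytes(16), "invoice.pdf"),
                       (b"PK\x03\x04" + bytes(16), "statement.ZIP"),
                       (b"meeting notes", "notes.txt")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling scan_message(build_sample()) reports invoice.pdf and statement.ZIP and lets notes.txt through.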
