Pub. 6 2016-2017 Issue 3

OVER A CENTURY: BUILDING BETTER BANKS - HELPING COLORADANS REALIZE DREAMS

FEATURE ARTICLE

RANSOMWARE: What Bankers Need to Know and Why

DANIEL ROHNER AND CAMILA TOBON
SHOOK, HARDY & BACON

According to The Wall Street Journal, ransomware attacks quadrupled in the early part of 2016 with an average of 4,000 per day. Banks are prime targets because they collect, store and rely upon large amounts of sensitive financial data; they also have the resources to pay a ransom. Last year, the Federal Financial Institutions Examination Council (FFIEC) issued an alert detailing the increasing frequency and severity of extortion cyberattacks, including ransomware. Given this growing threat, it is important that banks and their employees understand what ransomware is, how to prevent infection, and what to put in place now to deal with future security incidents.

What is ransomware?

Ransomware is a type of malicious software – known as malware – that infects a computer or network and restricts access. Ransomware attempts to extort money from victims by alerting the user that their files have been encrypted. The cyber-criminal then demands that a ransom be paid to restore access. The consequences of ransomware include:

• Temporary or permanent loss of sensitive or proprietary information;
• Disruption to operations;
• Financial losses incurred to restore systems and files; and
• Potential harm to an organization’s reputation.

Financial institutions also face a variety of unique risks from these types of attacks including liquidity, capital, operational and compliance risks.

How are computers and networks infected?

Like most malware, ransomware is typically spread through phishing emails that contain malicious attachments. There are also reports of “drive-by” ransomware infections which occur when an employee unknowingly visits an infected website and malware is downloaded and installed without their knowledge.

Should I pay the ransom?

No. While payment of the ransom is tempting given the low amounts (less than $1,500) often requested by attackers, payment does not address the underlying security vulnerability that may allow the attacker to implement a subsequent ransomware attack. Additionally, payment encourages the attacker to do it again. Instead, retain a security forensic firm to help you identify and remediate the malicious ransomware files and restore your system with a secure backup file.

What can I put in place to protect my bank from ransomware?

Training – The first line of defense against a ransomware infection is a well-trained workforce. Employees should be trained to identify potentially suspicious emails. In addition, policies should be put in place and employees should be trained regarding the types of web -
