The chaos following the recent WannaCry ransomware attack, which infected more than 230,000 systems in over 150 countries, has caused businesses worldwide to reevaluate their strategy toward ransomware. But the WannaCry attack, though unusually large in scale, fits rather soundly into the recent trend of rising ransomware attacks.
According to Verizon’s 10th Annual Data Breach Investigation Report, ransomware increased 50 percent in 2016, heavily targeting digital businesses. This is troubling for all affected institutions, but for money services businesses, or MSBs, it should be a major concern. MSBs share many of the same cybersecurity threats as banks and credit unions, but due to their overwhelmingly digital structures, MSBs are prime targets for ransomware attacks looking to hijack data. With these attacks increasingly on the rise, what can businesses do to thwart the rise of ransomware?
To answer this question, we must first understand the evolution of modern ransomware and how it poses a specific threat to MSBs.
The concept behind ransomware is simple: a cybercriminal targets an organization in order to hold its data and/or systems hostage. The criminal then demands a ransom from the business in exchange for the safe return of the data. If the business refuses, the criminal may delete or expose all of the hijacked data or, at a minimum, leave the data in an encrypted and unusable state. Verizon’s Report indicated that in 2016, the average ransomware payout across all financial institutions was $10,000 per attack. For MSBs, this is a sobering statistic. Ransomware specifically targets MSBs because they are “data rich,” meaning maintaining customer data is an essential part of their business model.
Ransomware 2.0: Automated and Geo-Targeted
Unfortunately, as technology advances, ransomware increases in complexity. Criminals are joining the automation bandwagon by implementing ransomware that will automatically change the ransom demand based on an organization’s industry reputation and geographic location. This is troubling, because it leverages the very technology that MSBs are using to service customers, and proves that ransomware as a whole is becoming far more sophisticated. On top of this, modern ransomware is readily available for a cheap price, and its automated nature means that an attack can be initiated with limited upfront costs and maintenance from criminals.
New Tactics Like “Join Our Team”
Not only is ransomware evolving, but new tactics are also emerging. “Join Our Team” is a particular tactic that gives the victim an additional option. Instead of paying the ransom, they can become a “cog in the wheel” by passing on the ransomware to other targets. Those that accept these terms provide the cybercriminal two more victims to torment; a decent trade-off and an easy way to rapidly grow an attack in a short amount of time.
The influx of different variations of ransomware and their increasingly nefarious nature is enough to make an MSB’s head spin. Luckily, below are proven methods, tailored to MSBs, which will allow your business to fend off ransomware attacks with greater effectiveness.
1. Don’t Wait for Regulations: Make a Plan to Protect Your Data
Of course, the best way for MSBs to fight ransomware attacks is to create a plan—today. New York State has issued a governing regulation stating that all financial institutions (MSBs included) must have mandated cybersecurity measures, including a comprehensive cybersecurity risk assessment. These types of regulations may very well become commonplace as technology expands and MSBs grow, but waiting until it becomes legally necessary is foolish. The truth is ransomware is prevalent right now, and it is not going away anytime soon. Whether or not the government mandates that your data be protected, it is in your best interest, and the best in interest of your customers, to take the necessary measures to fight ransomware attacks.
2. Training and Awareness
According to the Verizon Report, almost all ransomware attacks in 2016 were delivered via email or a direct download. This means, that at some point, a ransomware attack encounters a human being who falls for the social engineering ruse and lets the ransomware onto their system. Therefore, training your staff, especially highly targeted customer service staff, should be a top priority. Educating employees and providing them with training reduces the likelihood of those employees aiding a breach.
3. Backup Critical Data
Ransomware thrives on holding your data captive. But if data has been duplicated and stored elsewhere, ransomware suddenly loses much of its leverage. Regular data backups are essential for any MSB dealing with digital transactions and customer data. The best recommendation is to backup data on a daily basis and maintain a rolling two weeks of backups to minimalize the damage from a potential attack. It is also extremely important that you test your data backups periodically, so that you know they work properly.
4. Privilege Control
Allowing all your employees unlimited access to your customers’ secure data is an enormous liability. Ensure that only employees who need deep access into valuable customer files have it. Limiting these privileges to a smaller, more acutely trained pool of employees will decrease your organization’s overall risk. In addition, only give administrative privileges to an appropriate few.
5. Share the Knowledge
Knowledge and best practices like those listed above are essential to combating ransomware across the globe. Cybercriminals operate best when their targets float in a cloud of ignorance, using confusion and fear as their weapons of choice. Enhanced communication from all MSBs—and all businesses prone to cyberattacks, for that matter—will dissipate the fog of uncertainty surrounding ransomware attacks and create a unified community that will not be bullied by cybercriminals. Organizations such as FS-ISAC provide valuable, timely information on different types of cybersecurity threats from a global network of businesses.
As more consumers use digital methods for the purchase of goods and services, cybersecurity risk will continue to grow as a top concern. Using these five points, MSBs will be one step ahead of criminals attempting to hijack their data via ransomware and other types of attacks.
Tyler Leet serves as director of Risk and Compliance Services for CSI’s Regulatory Compliance Group. With more than 15 years of experience in the information security, risk and compliance industries, Tyler oversees and participates in the development and maintenance of the risk and compliance-related services conducted for a wide variety of financial institutions and organizations.