$1 Million Ransom Demanded From Two Banks

New varieties of ransomware threaten release of thousands of bank customer records

A new ransomware tactic occurring threatens to disclose confidential bank customer information unless a ransom is paid. Criminals have figured out they can extort bigger dollars using this approach compared to simply locking up a bank president’s workstation with ransomware. This creates far more reputational, legal and regulatory risks for the bank.

This exact type of ransomware attack happened at two banks over Memorial Day weekend. While individuals in the United States were honoring those who have fought for our country and were spending time with their families, our neighbor to the north was busy fighting a different kind of war. Cyber criminals attacked two Canadian banks and notified major media outlets about their intent to disclose confidential customer information unless a ransom of $1 million was paid within 24 hours, according to authorities.

What would you do if ransomware attacked your computer network but did more than lockup files on your computer and demand a ransom of $500? What if instead they exported your customer data to a criminal network that demanded $1 million for the return of your customers’ information? Imagine the impact on you and your staff if the media were alerted and you had a short window of time to determine if a successful attack had occurred, to decide if your bank was going to pay the demanded ransom and what you were going to tell your customers.

Cyber-attacks occur against banks every single day, and they are constantly changing. Traditionally, ransomware attacks targeted a single workstation or files on a server. They locked up the files and demanded payment of a few hundred dollars, threating that without payment data would be irretrievably lost. Ransomware’s most recent variant threatens the bank with reputational risk, regulatory risk and legal risk by publicly releasing confidential customer information unless the bank pays a sizable ransom.

The type of bad actors performing these attacks are also changing. Instead of a sole individual cyber attacking for a challenge or for fun, many of these attacks are perpetrated by criminal networks with a profit motive. Many times these cyber criminals are backed by nation-states with substantial resources used to accomplish a successful attack.

What Can You Do?

There are preventative steps your bank can take to help reduce the ransomware threat. Additionally, there are responsive actions that should be planned out ahead of time to help reduce the impact when a ransomware event occurs. Following are some thoughts to consider:

  • Keeping Up – How do you keep up with rapidly evolving threats and ensure you are efficiently and effectively defending against these threats?
  • The Right Stuff – Do you have people with the right knowledge and resources to successfully manage technology risks?
  • Planning – Have you created a response plan for stopping an attack when one is occurring?

When the worst case does happen, the last thing you want to be doing is creating a plan from scratch or spending time discussing what steps need to be taken. When a cyber threat occurs you need a solution that helps you with:

  • Crisis Management and Reputational Risk Management – Will you respond quickly to your customers and community, or will it be a drawn out, painful incident, such as the one with Equifax?
  • Regulatory Response – What is your plan for notifying regulators and handling the subsequent special, and probably more challenging, exams?
  • Legal Risk Management – What can you do ahead of time to reduce risk for the institution and for yourself?
  • Cyber Forensics – Cyber forensics is a must have item. Without this capability, how will you figure out what happened, when it happened and how to fix it?
  • Resource Management – How will you do all of this quickly, do it all at the same time and do it while still operating the bank on a daily basis?

Are you confident in the systems, staff, and processes and procedures your bank depends on to prevent you and your customers from becoming the victim of a ransomware attack? BankOnIT was founded to provide banks a more comprehensive solution in a rapidly changing technology environment with evolving cybersecurity threats, providing your bank stronger defenses and a more robust response to keep your bank secure, operational and regulatory compliant.

Have questions? Give us a call at 800-498-8877, option 2, or at solutions@bankonitusa.com.