BID® Daily Newsletter
Dec 12, 2024

Protecting Your Institution as Ransomware Ramps Up

Summary: Ransomware attacks hit a speed bump in 2022. But the respite was short-lived. Ransomware attacks rose again in 2023, so this is no time for banks to let their guard down.

In May 2021, Colonial Pipeline, which provides oil and gas to the Southeast, got hit with a major ransomware attack. The firm had to shut down its pipeline, causing fuel shortages, and eventually paid a ransom of $5MM in Bitcoin to regain control over its data and systems. What got lost in the brouhaha is that at least three community financial institutions (CFIs) were also hit with ransomware attacks that month.

A Ransomware Primer

Ransomware consists of malicious software that is secretly installed on a business computer system and then used to disrupt operations by blocking access, encrypting data, or stealing data. The attacker demands ransom payments in exchange for undoing the attack or stopping the release of sensitive stolen data.
Windows is the favored target operating system by a wide margin, with Linux a distant second. macOS remains one of the least likely targets.
Attackers gain access in various ways, from phishing emails to back-door computer break-ins to compromised credentials. There is no magic bullet to prevent such attacks, and the ranks of those involved keep growing and gaining in sophistication, thanks in part to artificial intelligence.
Two years ago, bankers got some rare, good news in the battle against cybercrime: ransomware attacks dipped. There was some hope that the small decline in 2022 was the start of a retreat in ransomware attacks, possibly the result of strengthened defenses and more awareness by organizations.
But it was a very short respite. Ransomware attacks are on the march again. Research from ThreatDown’s 2024 State of Ransomware publication shows that between July 2023 and June 2024, ransomware attacks increased 33%. According to one survey, reported ransomware payments reached a record $1B in 2023, but the total is likely higher since not all ransomware payments are reported.
Another telling statistic is a surge in posts to data leak sites, which ransomware attackers use to post sensitive stolen data as part of extortion attempts. There was a 75% jump in these types of posts in 2023 over 2022. All this suggests that 2022 was an anomaly, as some cybercrooks who were disrupted by countermeasures are back in action while new players have appeared. Some enterprising cybercrooks now offer ransomware-as-a-service on dark web sites.

Who’s at Risk

While attacks against large enterprises and financial institutions make the news with their multi-million-dollar payouts, many, many more small and medium-sized businesses and CFIs are the victims of ransomware attacks. Hornet Security’s 2024 Ransomware Attacks survey revealed that 55.8% of ransomware attacks reported were from businesses with 1-50 employees.
Financial institutions have become a prime target. In 2021, 34% of financial institutions worldwide reported a ransomware attack; in 2024, that number has nearly doubled to 65%. It stands to reason that financial institutions that haven’t experienced a ransomware attack are now a distinct minority.
Exactly how widespread this problem is among CFIs is unclear. In 2022, ransomware groups disclosed on dark web blogs that seven CFIs in six states had been victims of ransomware after those May 2021 attacks. However, it’s uncommon for ransomware hacking groups to post details about attacks while negotiations are ongoing, meaning that the actual numbers may be higher. As a result of escalating attacks, several regulators approved a final rule in November 2021 that required affected financial institutions to notify regulators of cyber incidents within 36 hours of identifying that an attack has occurred.

What You Can Do About Ransomware Attacks

The best offense is a strong defense. Here are five ways to harden defenses against ransomware attacks and plan for recovery, if one does occur:
  1. Back up all data regularly. A thorough backup can provide a way to get back in business quickly, but another reason to have robust backups is for when cybercriminals threaten to release sensitive customer data. Attackers will often freeze or steal sensitive data with the threat of releasing it unless a ransom is paid. But beware: these cyber crooks will often release sensitive data, including customer information like Social Security numbers, unless the ransom is paid. So, the more safeguards you can place around such data, the better.
  2. Build and maintain strong cybersecurity systems. This can include third-party cybersecurity software as well as in-house cyber risk protocols and methods.
  3. Train and constantly update all personnel on the importance of cybersecurity so that staff are on constant alert for bad actors trying to break in and are familiar with company protocol for cybersecurity.
  4. Strengthen credential security by adding protections like strong passwords, passphrases, and two-step verification.
  5. Buy cyber insurance to help cover costs from attacks. Look for a policy that includes coverage for ransomware that pays for lawyers, consultants, negotiators, and ransom payments.
Ransomware is a growing threat to CFIs and other financial institutions. To better cope, CFIs should strengthen cybersecurity defenses, regularly educate staff, and develop plans for dealing with such attacks and recovering from them. 