How to Avoid Ransomware Threats

Topics: Small Business

Summary: Cybercrime continues to be on the rise and is a threat to businesses of all sizes. In this article, we’ll look specifically at ransomware attacks and what organizations can do to help protect themselves from becoming victims of cybercrimes.

By Timothy Jacobs, Complex Specialty Claims Adjuster at AmTrust

Ransomware Attack

The Cost of Ransomware Attacks

The seriousness and frequency of ransomware and other types of cyber attacks are increasing. It is predicted that cybercrime could cost the global economy $6 trillion annually in 2021 and as much as $10.5 trillion by 2025. Further, there was a new ransomware victim every 10 seconds in 2020, up 435% from 2019. Costs associated with ransomware attacks have increased as well. In 2019, the average ransom payment was $41,198, while in 2020, the average ransom payment increased to $233,217. The average response costs associated with an attack was $761,106 in 2020, and the anticipated average response cost in 2021 is expected to be $1.85 million. If these statistics are not enough to lose sleep over, there are high-profile ransomware attacks in the headlines to remind us that ransomware attacks have become a constant threat for any business.

Financial Institutions and Ransomware Attacks

Threat actors have also changed tactics in the last year. Historically, ransomware groups would simply encrypt the information on a network and demand payment to provide the encryption key. In the last year or so, the threat actors have begun to add other aspects to the attack to increase pressure on their victims. They gain access to the victim’s networks, and they establish a footprint within the network. The threat actors then use their access to expand their rights to access the system and exfiltrate data before encrypting the network.

This gives threat actors two pressure points to force victims to pay the ransom: 1) to avoid public disclosure of sensitive data and 2) to receive the decryption key for the encrypted network. If this is not worrying enough, ransomware groups have begun selling their software to others who access networks and activate the ransomware after exfiltrating the data. This is commonly referred to as Ransomware as a Service (RaaS). After collecting the ransomware, the ransomware group pays a portion of the ransom to the threat actor who installed the software.

Financial institutions are typically more resistant to ransomware attacks than other industries. This is likely due to the high level of regulation and security required to prevent other types of cybercrime on banking networks. However, financial institutions are not immune; they saw a 520% increase in phishing and ransomware attacks between March and June last year. Ransomware continues to be one of the most significant and enduring criminal threats to businesses in the financial industries, including banks and credit unions.

How to Help Prevent Ransomware Attacks

There are ways to protect against ransomware and mitigate the expenses associated with an attack. The following are some concepts and methods for helping to avoid an attack and to minimize the impact of such an attack if one occurs.

Use AmTrust’s Prevention Tools

AmTrust offers our FI clients a value-added service from NetDiligence to help financial institutions prevent data breaches before they happen. The NetDiligence eRiskHub® portal was created to provide education and assessments to help stop a breach before it occurs. Features of the portal include loss prevention tools and training, breach preparation resources including self-assessments and cost calculators, as well as industry information and alerts on new virus/security threats.

Assume You Will be Attacked and Prepare a Response Plan

Once an attack occurs, time is of the essence. Create a well-thought-out response plan to help coordinate an appropriate response by identifying actions steps, response team members, team member responsibilities and communication strategies should be developed beforehand. Once the plan is created, it should be tested in mock incident response sessions.

Additionally, incorporate your AmTrust Cyber Liability insurance policy into your response plan. As soon as an incident occurs, make sure to alert AmTrust so your policy can be utilized immediately. First-party response services include assistance at every stage of the investigation of and response to a breach incident from a team of technical professionals. Our coverage includes legal services and vendors to help companies comply with state regulations that require a business to notify customers of a data breach involving personally identifiable information.

Provide Rigorous Training to Employees to Avoid Phishing Attacks

Phishing attacks account for 80% of reported security incidents. Reducing the likelihood of a phishing attack’s success is one of the best ways to keep threat actors from gaining unauthorized access to a network. Coincidentally, training costs are relatively low compared with other security measures. Providing rigorous training and testing employee preparedness for phishing attacks are some of the most useful and cost-effective methods of reducing the risk of a ransomware attack.

Keep Anti-malware and Anti-virus Software Updated

Updating software is a first step toward protecting computer networks, and it should be a minimum-security step. Continuously updating and monitoring the network and emails provide an opportunity to prevent known malicious software from entering the system or causing damage.

Timely and Regularly Update Software Versions and Security Patches

Like updating anti-malware and anti-virus software, this is a minimum level of security. Many ransomware organizations look for specific known vulnerabilities relying on companies to delay adding security patches. They then exploit those vulnerabilities to gain access to systems. Closing the loop on those vulnerabilities helps prevent certain ransomware attacks.

Avoid Pop-up Installation Requirements

Many online pop-up requests for installing an update to software or installing new software install malware instead.

Use Layered Protection and Segregate Network Sectors

This mitigation strategy limits the damage done if a threat actor gains unauthorized access to the network. This strategy involves segregating the storage areas on the network that allow only certain people to access certain information. Typically, the more sensitive the data, the fewer people that should have access to it. Another strategy related to layered protection is to store high-value sensitive information on the network in an encrypted format. Because the threat actors would not have access to the encryption key, they cannot access or use the data, which can reduce the response costs to an attack and lessen the stress that sensitive data is in the hands of a threat actor.

Backup Important Network Information and Store Backups Offline

By keeping backup files offline, threat actors cannot access the backup and encrypt it when they trigger the ransomware attack on the company’s networks. This, in turn, protects the company’s data and allows it to restore encrypted information instead of paying a ransom.

Financial Institutions Insurance from AmTrust Financial

Banks, investment advisors, title agents and more rely on AmTrust to protect them from a variety of risks. AmTrust is committed to evolving our coverage as new cyber threats emerge for our customers. To learn more about our cyber liability insurance policies, please contact us today.

Tim Jacobs is a Complex Specialty Claims Adjuster handling mainly Financial Institution D&O, professional Liability, financial institution bond and cyber claims for AmTrust Financial Services. After graduating from law school, he has spent the last 20 years supporting insurance companies various roles both in private practice and in house.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones