Holding a company hostage electronically is becoming the crime of choice for cyberthieves targeting banks and other businesses.
Of all the types of malicious software directed at companies around the world, ransomware is trending high, according to Verizon’s 2018 Data Breach Investigations Report issued this spring; the firm reported ransomware was found in 39% of cases where malware was identified.
Complicating cybersecurity matters, the report found that cyberthieves are broadening their attacks when they strike a firm. “Increasingly, cybercriminals aren’t looking to just encrypt single-user devices,” the report noted. “They can do much more damage, and make much more money, if they can encrypt a file server or database.”
Battling ransomware — which as its name suggests, locks out computers and networks until a hacker’s demands are paid — can be especially difficult for small banks, which have fewer IT resources and are typically working with older technology.
Adams Bank & Trust of Ogallala, Neb., was hit by ransomware attacks several times in past years, and such situations “are probably not uncommon” among smaller banks, said Jason Glazebrook, network administrator for the $750 million-asset bank, which has 19 offices in Nebraska, Colorado and Kansas.
When Glazebrook joined the bank three years ago, it was working with older data software that, if corrupted, would give ransomware access to entire directories of data rather than individual files.
“Ransomware is a challenge on its own, and using that type of [old] software makes it worse,” he said. While such attacks would usually not affect the bank’s technology setup across the enterprise, it would cause disturbances in the individual system.
“It would usually affect one subsystem or another, but that meant there were people in one department who couldn’t access their data for a little while,” he said.
Further, Glazebrook said after an attack, IT staff would have to spend time retrieving backup files to recover data over a six-, 12- or even 24-hour period. This led to extra hours for not only disaster recovery, but also individuals who had to re-enter data.
Why has ransomware become so commonplace? According to the Verizon report, because “it’s easy to deploy and can be very effective — you don’t have to be a master criminal; off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There’s little risk or cost involved, and there’s no need to monetize stolen data.”
Banks remain a top target for ransomware and malware in general, as cyberthieves simply follow the money. Verizon reported that 76% of all data breaches last year were financially motivated.
In 2017, the number of unique mobile banking malware samples detected by the cybersecurity firm Trend Micro increased by 94% compared with the previous year. Additionally, the enterprise security firm Positive Technologies reported that last year, banks sustained an average of 983 attacks per day targeted at web applications.
The threat has banks spending hundreds of millions of dollars to upgrade cybersecurity technology and hire more IT staff. Meanwhile, regulatory demands are getting tougher, as the U.S. Securities and Exchange Commission is now expecting quick disclosure from banks if cyberattacks occur.
To shore up its data protection, Glazebrook said the 101-year-old Adams Bank invested in technology and partnered with the IT resiliency firm Zerto. It recently installed a platform that immediately alerts the bank’s IT team if ransomware infects the system and can rewind to the minute it hit to fully recover the data in about an hour. (Glazebrook describes it as TiVo for ransomware.) The new system also allows for near-instant replication of data files, and IT staff can also remotely perform checks on system status.
Of course, no matter what technology a bank implements, none can ever be truly safe from cyberattacks like ransomware, as security professionals and cybercriminals continually engage in a cat-and-mouse game, said Michael Hathaway, co-founder of Windmill Enterprise, which operates a blockchain security network called Cognida.
“Unfortunately, there are no easy answers,” he said.
One the one hand, many banks prefer to “keep all their data secure physically and in a single place, and then that can become point of attack,” he said. Having everything in one place “gives a sense of security but provides a place where hackers can try and continually get access to.”
Meanwhile, using cloud storage services means data “is outside of your physical control and you have to make sure your security policies are enforced.”
Ultimately, when it comes to beating back ransomware attacks, banks need a combination of security protocols, said Gijsbert Janssen Van Doorn, a technology expert at Zerto.
“Prevention plans aren’t enough as attacks build in frequency and strength, causing irreparable harm to brand reputation and increasing risk,” he said. “Instead, organizations need to invest and create full IT-resilience plans, including backup, disaster recovery and cloud mobility, allowing them to withstand both planned and unplanned disruptions while at the same time driving digital transformation.”