The Federal Financial Institutions Examination Council today alerted financial institutions about the increasing frequency and severity of cyberattacks involving extortion. These attacks employ tactics such as ransomware, denial of service and theft of sensitive business and customer information to extort payments or other concessions from victims.
In a statement summarizing existing guidance, the FFIEC agencies advised banks to ensure that their risk management processes and business continuity planning address the risks from these types of cyberattacks. Recommended steps included conducting ongoing risk assessments, covering cyberattacks involving extortion in training programs, and regularly testing and reviewing controls and processes.