ABA Banking Journal

Ransomware 101: What Banks Can Do To Mitigate Risk

July 20, 2018

By Israel Barak

Ransomware has become one of the most—if not the most—prevalent, effective and successful forms of cybercrime. Ransomware is simple to create and distribute and offers cybercriminals an extremely low-risk, high-reward business model for monetizing malware. Combine this with the fact that most companies and people are unprepared to deal with ransomware, and it’s clear why it has become the fastest growing cyber threat to date.

Simple code, sophisticated e-marketing
Ransomware propagates through the same channels as regular malware—mainly email, but also through compromised or malicious websites and pirated software. Ransomware code is often not sophisticated, but it doesn’t need to be. This is because unlike many types of traditional malware, in most cases ransomware does not need to remain undetected for long to achieve its goal. What is more sophisticated about ransomware is the e-marketing effort that drives its distribution.

Ransomware purveyors are often savvy e-marketers who know their targets. It is not uncommon for a ransomware gang to run multiple campaigns at the same time, with tiered pricing based on a variety of parameters such as vertical industry, region, age, etc. While ransoms have exceeded hundreds of thousands of dollars in some cases, the goal is to set a price that makes it either cheaper or easier for the victim to pay the ransom than to recreate or restore the compromised systems, especially when the victim has a sense of urgency.

Exploiting risk management gaps in cyber insurance, operations
The end result of ransomware is a whole new economy for cybercrime, one with risk management gaps that allow it to thrive. One significant gap is that the cyber insurance industry is often useless when it comes to ransomware. Most policies have an “extortion” clause, but the deductibles are cost-prohibitive: oftentimes, hundreds of thousands of dollars need to be extorted before the insurance will kick in. Plus, if the company publicly discloses that it has a cyber-extortion clause in its policy—in a press release or a public report, for example—then it could invalidate the policy.

Another key factor is that it can take a medium-sized business days to restore from backup, which makes it cheaper and easier for victims to pay the ransom. Think about Hollywood Presbyterian Medical Center in Southern California, which in 2016 had its computer systems crippled for more than a week as it worked to recover from a ransomware attack. When their labs and prescription systems were down, those orders had to be handled manually. Think about the cost involved in that!

Some believe paying the ransom will mark them as an easy target and invite future attacks. However, generic ransomware is rarely individually targeted—it’s usually a “shotgun” approach: attackers acquire email lists, compromise websites and blast out ransomware. Given the number of attackers out there, if you do get hit again, it will likely be by a different attacker.

So what can you do to mitigate ransomware risk?
Here are some tips banks can follow to mitigate ransomware risk at their institutions and limit the fallout of a ransomware attack:

  1. Maintain regular and constant backups of important files and consistently verify that the backups can be restored. Be aware of and filter potentially malicious websites and emails.
  2. Avoid common malware delivery tactics. Ransomware is often delivered through the exact same channels as other types of malware—sometimes it’s even bundled and downloaded together with other types of malware. Refrain from downloading pirated software or paid software offered for “free.” (Remember: when a paid product is offered for free, you are the actual product.)
  3. Don’t download software from any non-trusted sources or websites or any key-gen, password cracking or license check removal software. In addition, don’t open email attachments from unknown or unexpected senders, and ensure that your staff is well trained on what to do in the event they receive a suspicious message.
  4. Review your company’s cyber insurance plans. Ensure your cyber insurance plans are in line with the level of ransomware risk you are willing to accept. Consider requesting a “ransomware clause” for cyber extortion that would remove the restriction on public disclosure and adjust the unrealistically high deductible to be more in line with current ransom demands.
  5. In the event of a ransomware attack, assume all sensitive data on the machine was compromised. Whether you pay or not, keep in mind that attackers will always try to extract useful data from a compromised machine. This potentially includes usernames and passwords for internal or web resources, payment information, email addresses of contacts, etc.
  6. Consider deployment of advanced anti-ransomware technology to prevent execution of ransomware. These technologies can be adopted either as standalone tools or incorporated into the organizational anti-malware platform.

If you have not taken precautions in advance and your organization falls victim to a ransomware attack, then it might be easiest to pay, and better prepare for the next attack.

Israel Barak is CISO at Boston-based Cybereason, a cybersecurity company specializing in endpoint protection, detection and response.

Author

Monica C. Meinert

Monica C. Meinert is a senior editor at the ABA Banking Journal and VP for executive communications at the American Bankers Association.

© 2025 American Bankers Association. All rights reserved.
