ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Compliance and Risk

Ransomware Attacks Ramp Up

September 9, 2021
Reading Time: 3 mins read
Ransomware Attacks Ramp Up

By Paul Benda

In March 2021, CNA Financial Corp.—one of the nation’s largest insurance companies—paid $40 million in the wake of a ransomware attack that crippled its network, according to a Bloomberg report. A few months later, cybercriminals targeted the Colonial Pipeline, which supplies fuel to much of the East Coast, with a ransomware attack that led to Colonial paying out almost $5 million.

SVP Paul Benda hosts the weekly ABA Pandemic Update podcast.
These instances are just two high-profile examples of a growing problem: the proliferation of ransomware and extortion-ware. These types of cyberattacks occur when cyber criminals use malware to encrypt files on a device or information on a network, rendering them unusable. Criminals then demand payment in exchange for decryption.

Over the past several years, ransomware attacks have grown in scope and scale, and are now targeting critical infrastructure entities, including financial services providers. According to an eWeek security analysis, more than half of companies faced ransomware attacks and of those, 26 percent paid the requested ransom. Even if companies choose not to pay, ransomware attacks can still be costly and devastating. For example, after the University of Vermont Health Network was compromised by ransomware in June 2021, it lost an estimated $63 million in the process of rebuilding its network infrastructure and restoring compromised hard drives.

Unfortunately, even for those that do pay, obtaining a decryption key is not a panacea—firms must still conduct testing on every machine and network endpoint to ensure that the malware has been successfully removed. One global survey of 5,400 IT decision makers found that around half of those who paid ransom recovered just 65 percent of the encrypted data compromised in the attack. Another 29 percent said they only recovered half of the data.

The staggering cost and increasing frequency of ransomware attacks would seemingly make the case for cyber insurance—but, surprisingly, anecdotal evidence suggests that a majority of financial institutions are not cyber-insured. And with cyberattacks on the rise, the cost of cyber insurance is also increasing, and ransom payments as an insurable risk may not be sustainable in the long run.

The federal government has taken several steps to address the growing problem of ransomware, including establishing a new Department of Justice task force that centralizes the DOJ’s efforts to track cyberattacks and digital extortion schemes. FBI Director Christopher Wray even went so far as to compare the threat of ransomware to the terror threat that followed in the wake of 9/11.

“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray told the Wall Street Journal. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”

Banks can find information on ransomware by visiting a new, dedicated website created by the Cybersecurity and Infrastructure Security Agency, cisa.gov/stopransomware. The site provides resources to help evaluate risk and harden systems against potential attacks. It also includes a reporting portal that banks and other companies can use to report cyber incidents to the appropriate authorities.

In addition to these efforts, bank regulators have issued a notice of proposed rulemaking that would direct banks to notify their federal regulator within 36 hours after developing a good-faith belief of a “computer security incident” that will materially disrupt, degrade or impair banking operations. Importantly, this would not replace Gramm-Leach-Bliley consumer data breach notice requirements. Additionally, the rule places a burden on a bank’s third-party providers to provide immediate notice to a bank of a disruptive incident.

While this proposal is a step toward ensuring clarity and consistency around the reporting of cyber incidents, ABA raised concerns that as written the definition of “computer security incident” is overly broad and recommended targeted changes before the rule is finalized—which is not expected until the end of 2021. ABA also continues to monitor legislative activity around ransomware and the prevention of cyberattacks and will continue to update members as new developments arise.

Government efforts aside, now is the time for banks to take steps to ensure their cyber preparedness and review best practices for securing their data infrastructure. Extra vigilance today can help prevent a costly incident tomorrow.

Paul Benda is SVP, cybersecurity and operational risk at ABA.

Tags: CybersecurityRansomwareRisk management
ShareTweetPin

Related Posts

Kentucky judge blocks enforcement of small business lending rule

House bill would increase transparency about small business lending program risks

Commercial Lending
July 14, 2026

A proposed bill supported by ABA would require the Small Business Administration to provide and make public more details about 7(a) lending program risks.

CFPB, DOJ warn against using immigration status to determine creditworthiness

OCC, FDIC release guidance on lending, undocumented workers

Compliance and Risk
July 13, 2026

Lending to individuals who are not legally authorized to work in the U.S. may present elevated credit risk to financial institutions, the FDIC, OCC and National Credit Union Administration said in joint guidance.

CFPB claims ‘complex’ pricing drives up cost of financial products

CFPB pauses planned workforce reduction

Compliance and Risk
July 13, 2026

The CFPB has temporarily halted plans to shrink its current workforce by more than half until a new bureau director is in place, according to a court filing.

Chair’s View: The fight for a fair game

Chair’s View: The fight for a fair game

Policy
July 9, 2026

ABA continues to be a staunch advocate for policies that encourage a level playing field within the financial services marketplace.

New task force to tackle financial fraud, scams

Survey finds many U.S. adults were scammed in 2025

Compliance and Risk
July 8, 2026

Six percent of U.S. adults report they were personally scammed last year, with those scams costing an estimated $68 billion, or four times what was reported to federal authorities, according to a new survey by the Stop Scams...

ABA, BPI support proposed process to create drone no-fly zones

ABA, BPI support proposed process to create drone no-fly zones

Compliance and Risk
July 7, 2026

In a joint letter to the FAA, ABA and BPI said that unauthorized unmanned aircraft activity near financial institution sites can create “obvious and legitimate risk” to physical security as well as cybersecurity, as the technology can be...

NEWSBYTES

Common Cents Act clears House

July 14, 2026

House bill would increase transparency about small business lending program risks

July 14, 2026

ABA warns against increasing administrative burden for CDFI Fund awards

July 14, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Understanding the 2025 Home Mortgage Disclosure Act data

July 8, 2026

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.