Ransomware continues to trouble financial institutions worldwide and is only going to get more dangerous as cybercriminals move towards increasingly sophisticated forms of malware to carry out targeted attacks. For example, WannaCry ransomware took the world by storm by targeting the Microsoft® Windows® operating system. Once installed, it infected Windows computers through a worm that spread across networks by exploiting a vulnerability in Microsoft’s SMB file-sharing services. The malware paralyzed computers in factories, banks, government agencies and transport systems, hitting 200,000 victims in more than 150 countries. The malware was able to infect many systems because some users didn’t keep up with security updates, leaving computers vulnerable to attack. It can take just one click on an infected link or email attachment for such malware to gain a foothold within the network.
However, for all the global attention WannaCry has received and the amount of damage it has done worldwide, one community bank was able to significantly reduce the likelihood of this attack with the help of its trusted IT partner, Safe Systems. When news of the attack came in late Friday, May 12, the bank contacted Safe Systems for guidance on how to best protect the institution’s machines and network against this emerging threat. The bank’s network administrator had recently left, which made the situation all the more critical. The bank staff knew it needed timely assistance to ensure all patches and anti-malware updates were securely in place to prevent the ransomware from impacting its systems.
The following day, the community bank submitted a weekend emergency support request to Safe Systems. The client services team quickly responded with detailed information on the WannaCry ransomware and provided a comprehensive list of machines that needed further patching. On Sunday, May 14, the Safe Systems team created a custom report to identify machines at risk for the worm component of WannaCry and generated emergency reports of what particular network actions needed to be taken to thwart these threats. The bank was able to verify that all additional machines were up to date on patches and anti-malware updates from their NetComply IT network management service.
“Due to the critical nature of this vulnerability, we quickly created a custom report in our portal, theSafe — faster in fact than any other we had produced in our history — to help the bank and all of our customers identify any devices missing the necessary worm patch component or any of the subsequent updates needed to combat the EternalBlue and DoublePulsar threats before they were even aware they needed it,” said Chris Banta, Director of Security and Automation at Safe Systems. “We are committed to providing quick and thorough responses to our customers, as well as proactive and time-sensitive information to protect them from increased incidents of ransomware and other emerging exploits.”
Since the WannaCry outbreak in May, we’ve seen more instances of malware like GoldenEye/Petya, which wreaked havoc worldwide as it spread to more than 60 countries last month. This attack disrupted ports from Mumbai to Los Angeles, a cargo booking system at a Danish shipping giant, and U.S. delivery firm FedEx, to name just a few of the organizations affected. The malicious code encrypted data on machines and demanded victims pay $300+ ransoms for recovery, which is similar to the extortion tactic used in the WannaCry ransomware attack. Risk-modeling firm Cyence said economic losses from the recent Petya and WannaCry attacks would likely total $8 billion.
Phishing, malware, ransomware and a host of additional fraudulent activities continue to target a variety of organizations, including financial institutions. While history has shown that well-designed, single-focus solutions can prove useful in stopping specific attacks, the capabilities of advanced malware are now so broad and sophisticated that such protections inevitably fail – opening the way to costly data breaches and other malicious attacks. These incidents are precise examples of how a layered approach can significantly reduce your information security risk and how working with a trusted IT and security service provider helps to ensure your institution’s IT infrastructure is functioning optimally, securely and compliantly at all times.