Ransomware: 7 Tips for Managing A Growing Risk

Ten years ago, few people could have imagined that one of the greatest operational and data security threats to financial institutions would be extortionists holding data hostage. Yet that’s exactly what’s happening today with ransomware.

The banking industry has become a massive ransomware target—and the threat is growing. Ransomware attacks against banks increased 1,318% in the first half of 2021, according to a ZDNet analysis.

Ransomware is a problem for financial institutions of all sizes. Some have fallen victim to ransomware attacks on their third-party vendors, experiencing service disruptions or unauthorized data exposure as a result of those vendors' breaches.

What can a financial institution do to avoid ransomware and its consequences? The answer begins with a risk assessment.

Managing Cybersecurity Risk

When evaluating the cybersecurity risk posed by ransomware, the best place to start is the FFIEC’s Cybersecurity Assessment Tool (CAT). The CAT is designed to help FIs identify cyber risks and evaluate their preparedness.

By answering the questions and assessing the results, FIs can understand regulatory expectations, recognize cyber risk, and then assess and mitigate those risks. This holds true for ransomware.

Ransomware is a type of malware, which is short for malicious software. The FFIEC CAT mentions malware 11 times in its section on cybersecurity controls. It lets FIs see where their malware controls fit into the matrix of maturity levels. It also maps questions to FFIEC Information Security Booklet requirements.

Where do preventative cyber controls for malware rank?

Baseline maturity

  • Up to date antivirus and anti-malware tools are used.
  • Antivirus and anti-malware tools are used to detect attacks.
  • E-mail protection mechanisms are used to filter for common cyber threats (e.g., attached malware or malicious links).

Evolving maturity

  • Antivirus and anti-malware tools are deployed on end-point devices (e.g., workstations, laptops, and mobile devices).
  • Antivirus and anti-malware tools are updated automatically.
  • Containment and mitigation strategies are developed for multiple incident types (e.g., DDoS, malware).

Intermediate maturity

  • E-mails and attachments are automatically scanned to detect malware and are blocked when malware is present.

Advanced maturity

  • Customer authentication for high-risk transactions includes methods to prevent malware and man-in-the-middle attacks (e.g., using visual transaction signing).

Innovative maturity

  • A centralized end-point management tool provides a fully integrated patch, configuration, and vulnerability management, while also being able to detect malware upon arrival to prevent an exploit.
  • E-mail protection mechanisms are used to filter for common cyber threats (e.g., attached malware or malicious links).
  • User tasks and content (e.g., opening an e-mail attachment) are automatically isolated in a secure container or virtual environment so that malware can be analyzed but cannot access vital data, end-point operating systems, or applications on the institution’s network.

Those are just the areas of the CAT specific to malware. The tool takes a comprehensive look at your total cyber maturity, showing areas of weakness that could invite ransomware. Tools are available to simplify the process.

The Other Risks of Ransomware

Cybersecurity is just part of the ransomware risk picture. There are other areas to consider:

Business continuity/resiliency. Does your financial institution have the backup systems it needs for resilience when it comes to ransomware and other cyberattacks? Is your incident response plan robust? Has it been tested?

Financial risk. Is your FI prepared for the financial consequences if ransomware caused widespread data loss, a major data breach, or gave you no choice but to pay the ransom?

Operational risk. When Garmin was attacked with ransomware, its online servers weren’t available. That meant users of its fitness devices weren’t able to use their full functionality.

Vendor management. When a vendor is breached, it’s not only the vendor’s data that’s in danger. Third-party vendors often have sensitive data belonging to their customers.

It’s yet another reminder that it’s not enough to protect your own network. If critical vendors hold sensitive data and/or conduct functions essential to your operations, you need to know that they are also resilient. Good vendor management is a must.

Reputation risk. It’s hard to keep a ransomware attack a secret, especially when it disrupts systems. When ransomware hit fintech firm Finastra earlier this year, it had to take many of its servers offline when it detected suspicious activity. The move prevented further ransomware infiltration of its systems, but it also disrupted customers. Once word gets out, everyone will want to know if you paid up and how much.

7 Risk Management Tips for Avoiding Ransomware & Its Consequences

  1. Stay on top of the latest information. Changes like the recent threats to release information if the ransom isn’t paid may change your cyber risk assessments and mitigation strategies. Make sure your FI is aware of new cyber threats and working with other FIs to share information.
  2. Train staff to recognize phishing attempts. Ransomware often gains access to systems when employees click on links that then surreptitiously download software onto their computers. These emails are looking more and more like legitimate emails, making staff training a must. Stay on top of the latest phishing schemes and make sure your employees are aware of them.
  3. Keep software updated and properly configured. Just in case you needed yet another reason to regularly update and patch software, attackers exploit known vulnerabilities to install ransomware.
  4. Monitor your system for abnormal activity. Employees may be using remote desktop protocol (RDP) to work from home. While it’s a great pandemic workaround, it’s also a potential point of entry for ransomware. Make sure you are monitoring your network for odd login activity. Criminals will use brute force attacks (logging in repeatedly with numerous passwords and usernames) or use purchased credentials.
  5. Keep your backup and disaster recovery plans up to date. Business continuity management and operational resiliency are regulatory requirements, but they are also essential to defending against the impact of ransomware. A single employee clicking a bad link can infect a system, making it necessary to be prepared to respond to an attack.
  6. Encrypt your sensitive data. Make sure that even if hackers access your information, they won’t be able to use it.
  7. Consider cyber or business interruption insurance. The financial loss from a ransomware attack can be substantial.
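Tip 4 above says to watch for odd login activity and brute-force attempts but does not show what such a check looks like. The following is an added example, not code from the original article or from Ncontracts: a small Python detector run over constructed sample log lines in an assumed, simplified remote-access gateway format (timestamp, outcome, user, source IP). It flags a source that fails more than five logons in five minutes (the brute force the tip describes), a source that fails against many different usernames (the password-spraying variant of the same attack, which goes slightly beyond what the tip names), and a subsequent successful logon from a flagged source, which is the event that most warrants incident response. The thresholds and the log format are assumptions to be tuned to real gateway or domain controller logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not real data). The format is an assumed,
# simplified remote-access gateway log: timestamp, outcome, user, source IP.
SAMPLE_LOG = """\
2021-10-01T09:00:01 FAILED user=jsmith src=203.0.113.7
2021-10-01T09:00:03 FAILED user=jsmith src=203.0.113.7
2021-10-01T09:00:04 FAILED user=jsmith src=203.0.113.7
2021-10-01T09:00:06 FAILED user=jsmith src=203.0.113.7
2021-10-01T09:00:07 FAILED user=jsmith src=203.0.113.7
2021-10-01T09:00:09 FAILED user=jsmith src=203.0.113.7
2021-10-01T09:00:12 SUCCESS user=jsmith src=203.0.113.7
2021-10-01T09:01:00 FAILED user=alice src=198.51.100.9
2021-10-01T09:01:02 FAILED user=bob src=198.51.100.9
2021-10-01T09:01:04 FAILED user=carol src=198.51.100.9
2021-10-01T09:01:06 FAILED user=dave src=198.51.100.9
2021-10-01T09:01:08 FAILED user=erin src=198.51.100.9
2021-10-01T09:05:00 FAILED user=mlee src=192.0.2.44
2021-10-01T09:05:20 SUCCESS user=mlee src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>FAILED|SUCCESS)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_abnormal_logins(lines, max_failures=5, max_users=4,
                           window=timedelta(minutes=5)):
    """Return a list of (alert_type, source_ip, detail) tuples.

    brute_force:            more than max_failures failed logons from one
                            source within the sliding window
    password_spray:         failures against more than max_users distinct
                            usernames from one source within the window
    success_after_failures: a successful logon from a source already flagged
    """
    alerts = []
    recent = defaultdict(deque)  # src -> deque of (timestamp, user) for failures
    flagged = set()              # sources already alerted, to avoid repeats
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # ignore unparseable lines rather than crash the monitor
        src, ts = event["src"], event["ts"]
        if event["result"] == "SUCCESS":
            if src in flagged:
                alerts.append(("success_after_failures", src, event["user"]))
            continue
        q = recent[src]
        q.append((ts, event["user"]))
        # Drop failures that fell out of the time window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if src in flagged:
            continue
        distinct_users = len({user for _, user in q})
        if len(q) > max_failures:
            alerts.append(("brute_force", src, len(q)))
            flagged.add(src)
        elif distinct_users > max_users:
            alerts.append(("password_spray", src, distinct_users))
            flagged.add(src)
    return alerts


if __name__ == "__main__":
    for alert in detect_abnormal_logins(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample data the detector raises a brute-force alert for 203.0.113.7 after its sixth failure, then a success-after-failures alert when the same source logs in, and a password-spray alert for 198.51.100.9; the single failure from 192.0.2.44 followed by a success is treated as an ordinary mistyped password. A success from a flagged source is the alert to page someone on, since it is the point at which brute force or purchased credentials have turned into access.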

Don’t get caught off guard by ransomware. Make sure you assess this risk to your FI and implement and monitor controls to keep your systems and data safe.


Michael Berman is the founder and CEO of Ncontracts, a leading provider of risk and compliance management solutions, and the author of The Upside of Risk: Turning Complex Burdens into Strategic Advantages at Financial Institutions. His extensive background in legal and regulatory matters has afforded him unique insights into solving operational risk management challenges and drives Ncontracts’ mission to efficiently and effectively manage operational risk.

