How Can Financial Organizations Recover from A Ransomware Attack?

Why Ransomware Is A Major Threat

Although ransomware attacks do make the headlines, the volume of reporting does not accurately reflect the severity of those attacks or the losses involved. Companies commonly withhold information about the impact of a ransomware attack, especially where a ransom payment can be arranged quietly to restore some semblance of normality. As a result, many ransomware attacks are never reported to the police.

5 Critical Steps to Take After a Ransomware Attack

A ransomware attack on critical sectors, including financial services, is no longer a matter of "if" but "when." In today's Information Age, every organization with a digital footprint is at risk of being compromised. Below are the steps an organization should take after an attack:

1. Think twice before paying the ransom

Meeting ransomware demands may, in some instances, be the fastest route to recovering your data and operations, but it is not the only route. When Finastra's North American operations were attacked, the company opted to take servers offline instead of meeting the ransom demands. It survived the attack without paying, and its response is a testament to preparedness and mitigation measures.

2. Zero in on 'patient zero'

Yes, you read that correctly. Determining 'patient zero', the first host or account that was compromised (not merely the person who first noticed something odd), is a critical step in curbing the effects of a ransomware attack. Identify the application or host that was infected first, then investigate the data sources, configurations, and credentials associated with it and every endpoint it touched afterwards: the attacker's path out from that host tells you which other systems must also be treated as compromised.
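The following is an added example of how an investigator can pin down patient zero from endpoint telemetry; it is not code from the original article. The normalized log format (time|host|user|event|detail), the ".locked" extension, the ransom-note file name, and the burst thresholds are assumptions, and the telemetry is constructed for illustration. The script picks the earliest host showing a burst of encryption-style renames or a dropped ransom note, then walks the remote logons backwards to show which already-infected host reached each later victim.

```python
"""Locate "patient zero" in endpoint telemetry and trace how the infection spread.

Added example for this article, not code from the original page. The log format
(time|host|user|event|detail), the extension ".locked", the ransom-note name and
the burst thresholds are all assumptions; the telemetry below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, already in a hypothetical normalized format.
SAMPLE_LOG = r"""
2024-03-04T08:58:10|WS-ACCT-07|jdoe|proc_start|outlook.exe -> invoice_Q1.pdf.exe
2024-03-04T08:58:12|WS-ACCT-07|jdoe|file_rename|C:\Users\jdoe\a.xlsx -> a.xlsx.locked
2024-03-04T08:58:13|WS-ACCT-07|jdoe|file_rename|C:\Users\jdoe\b.docx -> b.docx.locked
2024-03-04T08:58:13|WS-ACCT-07|jdoe|file_rename|C:\Users\jdoe\c.pdf -> c.pdf.locked
2024-03-04T08:58:14|WS-ACCT-07|jdoe|file_create|C:\Users\jdoe\README_RESTORE.txt
2024-03-04T09:02:41|FS-01|svc_backup|logon_remote|from WS-ACCT-07 type=3
2024-03-04T09:03:05|FS-01|svc_backup|file_rename|D:\Shares\ledger.xlsx -> ledger.xlsx.locked
2024-03-04T09:03:05|FS-01|svc_backup|file_rename|D:\Shares\budget.xlsx -> budget.xlsx.locked
2024-03-04T09:03:06|FS-01|svc_backup|file_rename|D:\Shares\q1.pptx -> q1.pptx.locked
2024-03-04T09:03:06|FS-01|svc_backup|file_create|D:\Shares\README_RESTORE.txt
2024-03-04T09:05:30|WS-OPS-02|mlee|file_rename|C:\Users\mlee\old.tmp -> old.tmp.bak
2024-03-04T09:10:12|WS-TREAS-03|akim|logon_remote|from FS-01 type=3
2024-03-04T09:11:00|WS-TREAS-03|akim|file_rename|C:\Users\akim\wire.xlsx -> wire.xlsx.locked
2024-03-04T09:11:01|WS-TREAS-03|akim|file_rename|C:\Users\akim\notes.docx -> notes.docx.locked
2024-03-04T09:11:01|WS-TREAS-03|akim|file_rename|C:\Users\akim\plan.docx -> plan.docx.locked
"""

SUSPICIOUS_EXT = ".locked"          # assumed extension appended by this strain
RANSOM_NOTE = "README_RESTORE.txt"  # assumed ransom-note file name
BURST_COUNT, BURST_WINDOW = 3, timedelta(seconds=10)  # assumed detection threshold


def parse(text):
    """Split the normalized log into (time, host, user, event, detail) tuples, time-ordered."""
    events = []
    for line in text.strip().splitlines():
        ts, host, user, kind, detail = line.split("|", 4)
        events.append((datetime.fromisoformat(ts), host, user, kind, detail))
    return sorted(events, key=lambda e: e[0])


def onset_by_host(events):
    """First moment per host at which ransomware behaviour is visible: a burst of
    BURST_COUNT renames to SUSPICIOUS_EXT inside BURST_WINDOW, or a ransom note.
    A single rename (e.g. a user renaming a file to .bak) is not enough on its own."""
    recent = defaultdict(list)
    onset = {}
    for ts, host, _, kind, detail in events:
        if kind == "file_create" and detail.endswith(RANSOM_NOTE):
            onset.setdefault(host, ts)
        elif kind == "file_rename" and detail.endswith(SUSPICIOUS_EXT):
            window = recent[host]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:
                window.pop(0)
            if len(window) >= BURST_COUNT:
                onset.setdefault(host, window[0])  # burst started at its first rename
    return onset


def patient_zero(onset):
    return min(onset, key=onset.get)


def spread_path(events, onset):
    """For each infected host, the last remote logon into it from a host that was
    already infected at that time and before the victim's own onset. Detail is
    assumed to read "from <host> type=<n>"."""
    path = {}
    for ts, host, user, kind, detail in events:
        if kind != "logon_remote" or host not in onset or ts >= onset[host]:
            continue
        src = detail.split()[1]
        if src in onset and onset[src] < ts:
            path[host] = (src, user, ts)
    return path


def investigate(text=SAMPLE_LOG):
    events = parse(text)
    onset = onset_by_host(events)
    return patient_zero(onset), onset, spread_path(events, onset)


if __name__ == "__main__":
    p0, onset, path = investigate()
    print(f"patient zero: {p0} at {onset[p0]:%H:%M:%S}")
    for host in sorted(onset, key=onset.get):
        via = path.get(host)
        hop = f"  <- {via[0]} as {via[1]} at {via[2]:%H:%M:%S}" if via else "  (initial infection)"
        print(f"{onset[host]:%H:%M:%S} {host}{hop}")
```

On the constructed data this names WS-ACCT-07 as patient zero (a user ran a double-extension attachment from Outlook), shows the attacker hopping to the file server with the backup service account and from there to a treasury workstation, and correctly ignores WS-OPS-02, where a single rename to .bak is normal user activity. The hosts and accounts on that path are the ones whose credentials, configurations and data sources deserve the investigation described above.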

3. Restore your operations and limit damage after a ransomware attack

When planning how to recover from a ransomware attack, assume that the data the attackers encrypted or stole will not come back intact, even after paying the ransom: decryptors are unreliable, and copies of exfiltrated data stay in the attacker's hands. Finastra's decision to take systems offline is a good example of the first step. A host disconnected from the network cannot be reached by the attacker, which stops further encryption and lateral movement while you rebuild from clean backups.

4. Notify regulatory authorities

The FinCEN advisory covering ransomware makes clear that financial institutions need to alert regulatory authorities after a ransomware attack. In some cases, a financial institution may need to file a Suspicious Activity Report (SAR); this requirement extends to institutions that do not deal with the public. Even a private equity firm, for example, may have to notify authorities if an attack occurred.

5. Communicate with clients

A ransomware attack may not immediately impact operations, but if it does affect clients, it is better to start communicating with them honestly sooner rather than later, including a frank discussion of the ways in which they may be affected. After all, your institution's reputation is on the line.

5 Key Control Measures To Take To Prevent Future Ransomware Attacks

1. Perform thorough testing

Confirm that the door the attacker came through (in other words, the vulnerability that was exploited) is now closed; you do not want to get hit in the same spot twice. It is also critical that your institution undergoes a thorough round of basic cybersecurity testing. A vulnerability scanner, for example, will quickly highlight the most obvious weaknesses and rank them by severity.

2. Review and update the cybersecurity measures

Unpatched vulnerabilities are one of the most common ways for malicious actors to find an entry point into your technology assets, and an automated vulnerability scanner will quickly show how many findings exist purely because your patching is incomplete. For patching, automation is your institution's best bet, including on endpoints: the devices at the edge of your network, such as personal computers, mobile phones, and even sensors.

3. Perform continuous risk assessment

The attack will have exposed how and why your financial institution is at risk of cybercrime. Once the incident is contained, carry out a comprehensive risk assessment, and repeat it on a regular schedule rather than treating it as a one-off exercise. Here, your technology teams must collaborate with your institution's risk committee.

4. Revisit your organizational cybersecurity policies, procedures, and guidelines

Revisit, reevaluate, and refine your cybersecurity policies for gaps, non-compliance, or ambiguity that could leave your information assets exposed to a repeat ransomware attack. Review and revise your information security documentation so that the guidelines are unambiguous and employees can understand and follow them.

5. Cybersecurity awareness, education, and training

Employees are the first line of defense in the cybersecurity chain. Adequately trained employees not only help protect an organization's information assets against cyber-attacks; they also know what steps to take to thwart an attack attempt. A phishing email is often the first entry point for a ransomware attack, and an educated, trained employee will know how to handle it and report it to the security team for further investigation.
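Once an employee reports a suspicious email, the security team needs a fast first pass before anyone opens it. The script below is an added example of that triage and is not code from the original article: both messages are constructed, and the indicator weights and verdict thresholds are assumptions rather than any vendor's rule set. It checks for an address hidden inside the display name, mismatched Reply-To and Return-Path domains, failed SPF/DKIM/DMARC results, executable or double-extension attachments, and urgency language in the subject.

```python
"""Score a reported email for phishing indicators before a human opens it.

Added example for this article, not code from the original page. The two
messages below are constructed, and the indicator weights and thresholds are
assumptions rather than any vendor's rule set."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: a lookalike sender, a spoofed display name, failed SPF and a
# double-extension executable attachment.
PHISH_EML = """\
Return-Path: <billing@acme-payments-secure.com>
Authentication-Results: mx.example.bank; spf=fail smtp.mailfrom=acme-payments-secure.com; dkim=none
From: "ACME Payments <accounts@acmepayments.com>" <billing@acme-payments-secure.com>
Reply-To: recover@mailbox-relay.net
To: treasury@example.bank
Subject: URGENT: wire confirmation required today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached confirmation and verify the wire before 5pm.
--b1
Content-Type: application/octet-stream; name="Wire_Confirmation.pdf.exe"
Content-Disposition: attachment; filename="Wire_Confirmation.pdf.exe"

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed: an ordinary internal message that should score low.
BENIGN_EML = """\
Authentication-Results: mx.example.bank; spf=pass; dkim=pass
From: Alice <alice@example.bank>
To: bob@example.bank
Subject: lunch?

Noon at the usual place?
"""

EXEC_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".bat"}
URGENCY = re.compile(r"\b(urgent|immediately|today|suspended|verify)\b", re.I)
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w.-]+")


def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Return (verdict, score, findings) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    name, sender = parseaddr(msg.get("From", ""))
    from_dom = domain(sender)
    # An address written inside the display name is a classic spoofing trick:
    # the mail client shows the friendly name, not the real sender.
    shown = ADDR_IN_TEXT.search(name)
    if shown and domain(shown.group()) != from_dom:
        findings.append((f"display name shows {shown.group()} but sender is {sender}", 3))
    reply_dom = domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append((f"Reply-To domain {reply_dom} differs from From domain {from_dom}", 2))
    ret_dom = domain(parseaddr(msg.get("Return-Path", ""))[1])
    if ret_dom and ret_dom != from_dom:
        findings.append((f"Return-Path domain {ret_dom} differs from From domain {from_dom}", 1))
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) in ("fail", "softfail", "permerror"):
            findings.append((f"{mech}={m.group(1)}", 2))
        elif m and m.group(1) == "none":
            findings.append((f"{mech}=none", 1))
    for part in msg.walk():
        fn = part.get_filename()
        if not fn:
            continue
        low = fn.lower()
        if "." + low.rsplit(".", 1)[-1] in EXEC_EXT:
            findings.append((f"executable attachment {fn}", 4))
        if low.count(".") >= 2:
            findings.append((f"double extension on {fn}", 2))
    if URGENCY.search(msg.get("Subject", "")):
        findings.append(("urgency language in subject", 1))
    score = sum(w for _, w in findings)
    verdict = "malicious" if score >= 6 else "suspicious" if score >= 3 else "likely benign"
    return verdict, score, findings


if __name__ == "__main__":
    for label, raw in (("reported message", PHISH_EML), ("control message", BENIGN_EML)):
        verdict, score, findings = triage(raw)
        print(f"{label}: {verdict} (score {score})")
        for text, weight in findings:
            print(f"  +{weight} {text}")
```

The constructed phishing message trips every check and lands well past the "malicious" threshold, while the internal control message scores zero. The weights are deliberately simple; what matters for a real deployment is that the authentication results come from your own gateway's Authentication-Results header (an attacker can insert a forged one upstream), and that any executable attachment is treated as decisive on its own.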

Final Thoughts

An organization can recover from a ransomware attack without paying the ransom, but the extent and speed of the recovery depend on its level of preparedness. That starts with incident response planning before an attack and, afterwards, with making sure the organization is protected against similar attacks and ready to deal with one if it happens. Transparency about the attack matters too. But do not ignore the power of tools: network defenses, consistent automated patching, and the backups and tooling needed to rapidly restore compromised assets.



Aaron Mellman

Creator, Techy, Entrepreneur, Animal Lover, Ocean Enthusiast, Environmentalist