How a Business Should Handle a Ransomware Attack

Ransomware is becoming one of the most crippling cyber attacks that businesses, including financial institutions, are facing in today’s world. Ransomware losses for businesses can average $2,500 for each incident and some companies are willing to fork over $50,000 to decrypt their data. Although online protection has become more sophisticated to meet the demands of keeping information safe from attackers, this sort of cyberattack should be looked at as an evolving threat.

Ransomware attacks are still on the rise, so getting out ahead of the issue with a mix of awareness, data security, and the right bank crime insurance program will help to keep liabilities and losses low. Here’s what should be done in the event of a ransomware attack.

Insure Before It’s Too Late

The effects of a cyber attack, such as a ransomware incident, can be long-lasting. From financial troubles to legal issues to having the reputation of not protecting your data enough, a ransomware attack is much more than shutting some computers down. One way that a business, including a bank, can be proactive in protecting information both internally and externally is to invest in an effective insurance program specifically made to protect against cyber liabilities.

For banks, there is bank crime insurance that is a comprehensive program that can help with the financial needs during litigation.

Trace the Attack

Typically, the most common way ransomware finds its way into a network is through a malicious link or email attachment. Banks that come out as lucky in this kind of situation see effects of a ransomware attack on the machine that was used to open link or attachment. However, if your bank fails to patch the entire network your system will end up becoming infected from top to bottom.

The first thing to do after a ransomware attack is to locate machine it was initially infected and discover if that employee opened any suspicious emails or noticed any activity that was irregular. The sooner that this is done, the quicker that actions can be taken. Just like a crime in the real world, there is a very limited time window into which the perpetrators can be caught and before the files are erased.

Unplug Your Network

Ransomware spreads throughout your network connection, meaning that the quicker you remove the infected machine from your office network, the less likely other machines can become infected with the same ransomware. When this happens, employees should be notified as soon as possible to unplug their devices from the network. This could be everything from phones to tablets to computers and includes remote workers who are on the same system as well.

Notify the IT Team

Typically, larger businesses, such as big banks, have a dedicated Chief Information Security Officer who will be the point of contact to execute a plan of action and protocol around ransomware attacks. For smaller companies, however, there may be some budgetary restraints around employing not only a chief information security officer but a fully flexed out IT team.

Whoever is in charge of overseeing data security should be contacted right away as cyber attacks usually leave clues behind in the metadata, which could help in finding the origin of the attack.

Reach Out to Authorities and Employees

After you get your bearings and have gone over the issue internally, it’s important to reach out to the authorities to let them know of what’s going on. From there, investigators will handle the criminal part of this kind of investigation. Next,  it’s important to keep your employees informed as transparency is key in situations like this. When it comes to cyber attacks, employees are typically the weakest link in staving off cybercriminals. Instead of dealing with laying blame, you should inform your staff that there has been a breach and detail to them what this means and what action plan is being taken.

Update Security Systems

Finally, patch, update, invest, and staying informed should be the next moves. After the incident is over, your company will need to perform a total security audit and update all systems while looking for holes that need to be patched up. This may take some time, and will probably cost a good deal of money, but data should be looked at as priceless and kept safe at any cost.


About Financial Guaranty Insurance Brokers

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for entities of all types. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (626) 793-3330 to speak with one of our professionals.