What to Do If Your Financial Firm Gets Infected with Ransomware

Security, Strategy

classification

Ransomware happens.  You do your best to prevent it from happening to you, but inevitably someone clicks on something they shouldn’t or your protection tool misses the latest strain of hack and your systems get infected.  There is no “one size fits all” solution for firms in the complex, regulated financial services industry. Whether you’re a bank, financial adviser or real estate broker, here are some essential things to do and not do that have proven effective for our clients.

Stay calm when you learn that you’ve been infected. We’ve seen companies get hacked and then compound the issue by making poor decisions in their panicked attempt to fix things. A harried approach makes the whole ordeal a lot worse. Breathe.

Activate your Incident Response Plan.  It’s there for a reason. It helps you avoid panic and it covers all the bases. Follow the plan. If you don’t have a plan, once everything has settled down, make one. You can google “IT incident response plan” and find a template to get started.

Stop the ransomware still running rabid through your systems.  Identifying a breach is the first step, but noticing the effects of the ransomware breakout does not stop its march. It is still infecting machines. Stop it immediately by

  • Removing the infected machine(s) from the network. Pull the network cable, shut off the WIFI, or turn the machine off.
  • Look at the infected files to see which login is now the owner by right clicking over the file and choosing Properties and looking at the Security tab.  This is the one that is infecting the files and often points to the root user or computer that started the outbreak. Scan and clean that machine first.
  • Scan the infected machines and all computers. Run your anti-virus and anti-spyware cleanup on all computers. The infected computer will have a readme file or have a pop-up with ransomware instructions and in that it should show the strain of infection you have.
  • On a clean machine do a Google search to find cleanup tools for that ransomware strain. Run the tool on the infected machines. Then run scans on all machines.

Notify the appropriate regulatory bodies and financial partners. Financial firms often need to let a federal agency know about any successful security breaches. Get it done ASAP to demonstrate that you are on top of the problem.

Communicate the situation and recovery efforts internally. Let your users know that you are aware of the ransomware outbreak, you are handling it, and things are under control. You want all of your users to stay calm too.

Let the FBI know. Yes, that FBI, and they really do want to know so they can help globally track these hacks and prevent them from happening again.

Perform a post-mortem. Last, but not least, do a deep dive into the infection’s roots and a deeper dive into all of your systems to ensure the hackers have been booted and everything is clean. Statistics show that 50% of ransomware victims, will get infected again. This is the result of ransomware remnants not being fully cleaned out of your systems by IT.

In the end, the best way to address a ransomware infection is to not get one in the first place. For more information on how financial firms can prevent a ransomware infection or address one after it hits check out these posts:

How Do You KNOW That You Have Not Been Hacked?

Phishing Happens and MFA May Not Save You

3 Security Vulnerabilities You Don’t Realize You Have

 

 

 

 

 

 

John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

Related posts

New Year’s Technology Resolutions

New Year’s Technology Resolutions

I know you’re excited to make next year’s resolutions all about your IT.Ok, maybe not, but you should be. Instead of falling into the same routine of creating another list of resolutions you’re likely to break, try making a solid plan to accomplish some IT objectives...

Email Phishing: How to Recognize, Respond, and Protect Your Data

Email Phishing: How to Recognize, Respond, and Protect Your Data

Almost every week we hear about our clients getting hit with phishing emails and it is scary. Phishing attacks can target anyone, no matter how secure their systems may seem. According to the Sophos Ransomware 2024 report, 59% of companies were hit with ransomware...

Accessibility Toolbar

Share This