Sophisticated ransomware attacks on the rise and protection techniques
Attacks are evolving and becoming more sophisticated and difficult to protect against. One current trend, ransomware-as-a-service, is a ready-to-use ransomware kit that lets cyber attackers of all skill levels threaten organizations of all types and sizes. Dan Schiappa, Chief Product Officer, Sophos, further provides an in-depth look at the intricate details, costs and steps to protect against ransomware attacks.
Ransomware is malicious software designed to block access to computer files until a sum of money is paid. In other words, the attacked files are locked, making all information (data and assets) unavailable until the ransom is paid to the cyberattacker. Payment is typically made in cryptocurrency, such as Bitcoin. Once the ransom amount is paid to the attacker, the decryption keys are returned.
However, attackers have advanced to another type of ransomware that has more than doubled since 2020 (3% to 7%), described by Schiappa as “extortion-style” attacks. In this scenario, the attacker copies all of the data from the organization’s system instead of encrypting it, which enables the attacker to post all of the data online. This data release, at a minimum, could give the company bad publicity. At its worst, the attacker can also publicize extremely private and confidential data, which can be very harmful, especially if the data comes from the government or healthcare sectors.
While the attacks are impactful and time-consuming, the costs of ransom payments, not including remediation costs, vary greatly, from as low as US$10,000 to in excess of $3 million, according to the State of Ransomware 2021 report. Furthermore, the report indicated that the average total cost of recovery from the attacks has more than doubled since 2020 (from approximately $761,000 to $1.85 million in 2021).
Schiappa recommends the following three preparation steps for protection against ransomware attacks.
- Backup data and store backups off-network and off-site.
- Systematically add layers of protection to the network.
- 24/7 active, trained IT team searching for potential ransomware synchronized with anti-ransomware technology.
Additionally, the five steps below are recommended by Schiappa if an organization has been attacked by ransomware.
- Follow the business incident response plans quickly.
- Do not turn off network power; turn off only from the affected network.
- ALL personnel and partnerships need to be aware of the attack.
- Transfer all backups and communication OFFLINE.
- Do not pay the ransom.
According to Schiappa, payment of ransom by the victim only recovers 65% of their data. He advises organizations to restore their data through their data backup systems. This action may minimize further ransomware attacks. The best approach, according to Schiappa, is for organizations to take proactive measures to stay on top of possible ransomware attacks.
If the cost for a trained IT team to search for ransomware is too expensive, the cost to recover from an attack will likely be an order of magnitude more, not including negative publicity.
For more information, please visit www.sophos.com.
The revolution of cryptocurrency and compliance becomes more critical as digital payments gain more popularity around the world
As cryptocurrency services continue to revolutionize the payment processes, compliance measures have become that much more important for organizations around the globe.
Blockchain.com Inc, a provider of cryptocurrency services to individual investors and institutional clients, has taken additional steps to expand its current legal processes. Recently, Blockchain appointed CJ Rinaldi, former Deutsche Bank Executive of Deutsche Bank Securities Inc., as the first compliance chief officer to oversee the ever-growing legal and compliance issues within Blockchain’s array of services to clients, in addition to providing anti-money laundering rules and sanctions laws for the company to adhere to.
As Blockchain continues to expand its crypto investment services, the company expressed the importance of protecting the business with a leader experienced specifically in regulatory compliance. According to Lindsey Haswell, Blockchain’s chief legal officer, Mr. Rinaldi brings over 30 years of regulatory experience to the company and will help the company work with regulators around the globe to establish legal frameworks for its cryptocurrency business. Ms. Haswell said, “the lack of clarity on the regulatory framework (for cryptocurrency) is the biggest challenge today”. Blockchain leaders would like to be trusted partners and obtain a clearer vision of the regulatory frameworks as they are intensely examined by the regulators worldwide. Processes that include strict compliance rules for digital money are currently outlined for companies to follow as the market continues to evolve. Otherwise, the crypto market may not continue.
For more information, please visit www.blockchain.com.
Cross-border payments continue to break through in collaboration with Fintech
A collaborative Fintech agreement between The Monetary Authority of Singapore (MAS) and Bangko Sentral ng Pilipinas (BSP) was announced today to further enhance payments between Singapore and the Philippines.
As technology and innovation continue to emerge, banks are advancing their current processes to improve their financial activities through the use of Fintech. With the Fintech agreement, both MAS’s and BSP’s payment systems will provide a more efficient, low-cost, cross-border payment process, alleviating the substantial amount of cross-border transactions (2020 remittance flows totaled SGD 2.89 billion between both countries).
Additionally, this agreement sets the groundwork to further align their cross-border payment processes with G20 (Group of Twenty, a forum comprising 19 countries and the EU) and ASEAN (Association of Southeast Asian Nations) and to continue to regionalize payments while reducing issues among the regions.
Both MAS and BSP agree the connection between the two will further enhance their real-time payment systems and will bring them closer to ASEAN’s network vision. BSP further stated the financial integration will provide additional security of cross-border payments and fortify their relationships with other partners in the region.
For additional information, please visit www.mas.gov
ISO 20022, a flexible payment messaging model adaptable to various industries and networks. Are you ready?
Today, BNY Mellon launches ISO 20022 HUB dedicated to supporting financial institutions and clients to transition to the ISO 20022 (a new ISO format for EDI between banks) platform set to commence in November 2022.
Isabel Schmidt, Head of Direct Clearing and Asset Account Services Products at BNY Mellon, said, “the migration to the new messaging standard, ISO 20022, promises to have significant and widespread impacts on financial institutions across the globe over the coming years.” A successful migration will require financial institutions to understand the intricate details in preparation for the transition today.
The hub for ISO 20022 created by BNY Mellon will provide a detailed transition framework and fundamentals. Financial institutions will benefit from the various informational resources provided, including industry experts and frequently asked questions.
According to BNY Mellon, the HUB will include the essentials outlined below:
- ISO 20022 Fact Sheets (overview and timelines)
- ISO 20022 Learning Curriculum
- FAQ Series
- Expert Insights
- ISO 20022 Resource List (including Fedwire and SWIFT)
For more information, please visit www.bnymellon.com.