What to Do If Your Financial Firm Gets Infected with Ransomware

Jan 21, 2020 | Security, Strategy


Ransomware happens. You do your best to prevent it from happening to you, but inevitably someone clicks on something they shouldn’t, or your protection tool misses the latest strain of malware, and your systems get infected. There is no “one size fits all” solution for firms in the complex, regulated financial services industry. Whether you’re a bank, financial adviser or real estate broker, here are some essential things to do and not do that have proven effective for our clients.

Stay calm when you learn that you’ve been infected. We’ve seen companies get hacked and then compound the issue by making poor decisions in their panicked attempt to fix things. A harried approach makes the whole ordeal a lot worse. Breathe.

Activate your Incident Response Plan.  It’s there for a reason. It helps you avoid panic and it covers all the bases. Follow the plan. If you don’t have a plan, once everything has settled down, make one. You can google “IT incident response plan” and find a template to get started.

Stop the ransomware that is still running rampant through your systems. Identifying a breach is the first step, but noticing the effects of the ransomware outbreak does not stop its march. It is still infecting machines. Stop it immediately:

  • Remove the infected machine(s) from the network. Pull the network cable, shut off the Wi-Fi, or turn the machine off.
  • Check which login now owns the infected files: right-click a file, choose Properties, and look at the Security tab. This is the login that is infecting the files, and it often points to the root user or computer that started the outbreak. Scan and clean that machine first.
  • Scan the infected machines and all other computers. Run your anti-virus and anti-spyware cleanup on all computers. The infected computer will have a readme file or a pop-up with ransomware instructions, which should show the strain of infection you have.
  • On a clean machine, do a Google search to find cleanup tools for that ransomware strain. Run the tool on the infected machines. Then run scans on all machines.
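The owner check in the second bullet can be done across a whole file share instead of one file at a time. The script below is an added example, not part of the original post: it only reads file metadata, and the share path, the cutoff time and the ransom-note name pattern are assumptions you supply.

```powershell
# Added example: tally the owner of files changed since the outbreak began.
# Read-only: it lists files and reads ACLs, nothing is modified or deleted.
param(
    [Parameter(Mandatory)] [string]   $Root,        # share or folder to inspect (you supply this)
    [Parameter(Mandatory)] [datetime] $Since,       # when the first symptoms were noticed
    [string] $NoteFilter = '*readme*'               # ransom-note name pattern (placeholder)
)

# Files written at or after the cutoff are the candidates for "infected".
$changed = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since }

$rows = foreach ($f in $changed) {
    try {
        # Same value the Security tab shows as the file's owner.
        $owner = (Get-Acl -LiteralPath $f.FullName -ErrorAction Stop).Owner
    } catch {
        $owner = '<unreadable>'                     # locked file or access denied
    }
    [pscustomobject]@{
        Owner   = $owner
        Path    = $f.FullName
        Written = $f.LastWriteTime
        IsNote  = $f.Name -like $NoteFilter
    }
}

# One line per owner: how many files, how many ransom notes, and the time window.
$rows | Group-Object Owner | ForEach-Object {
    $w = @($_.Group | Sort-Object Written)
    [pscustomobject]@{
        Owner      = $_.Name
        Files      = $_.Count
        Notes      = @($_.Group | Where-Object IsNote).Count
        FirstWrite = $w[0].Written
        LastWrite  = $w[-1].Written
        Example    = $w[0].Path
    }
} | Sort-Object Files -Descending | Format-Table -AutoSize
```

The owner with the most changed files and the earliest FirstWrite is the login to trace back to a machine first. An owner shown as a group such as BUILTIN\Administrators does not identify a single login, so check a few of its files by hand.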

Notify the appropriate regulatory bodies and financial partners. Financial firms often need to let a federal agency know about any successful security breaches. Get it done ASAP to demonstrate that you are on top of the problem.

Communicate the situation and recovery efforts internally. Let your users know that you are aware of the ransomware outbreak, you are handling it, and things are under control. You want all of your users to stay calm too.

Let the FBI know. Yes, that FBI, and they really do want to know so they can help globally track these hacks and prevent them from happening again.

Perform a post-mortem. Last, but not least, do a deep dive into the infection’s roots and a deeper dive into all of your systems to ensure the hackers have been booted and everything is clean. Statistics show that 50% of ransomware victims will get infected again. This is the result of ransomware remnants not being fully cleaned out of your systems by IT.

In the end, the best way to address a ransomware infection is to not get one in the first place. For more information on how financial firms can prevent a ransomware infection or address one after it hits, check out these posts:

How Do You KNOW That You Have Not Been Hacked?

Phishing Happens and MFA May Not Save You

3 Security Vulnerabilities You Don’t Realize You Have





John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

