What to Do If Your Financial Firm Gets Infected with Ransomware

by | Jan 21, 2020 | Security, Strategy

What to do if your financial firm is hit with ransomware

Ransomware happens. You do your best to prevent it from happening to you, but inevitably someone clicks on something they shouldn’t, or your protection tool misses the latest strain, and your systems get infected. There is no “one size fits all” solution for firms in the complex, regulated financial services industry. Whether you’re a bank, financial adviser or real estate broker, here are some essential things to do and not do that have proven effective for our clients.

Stay calm when you learn that you’ve been infected. We’ve seen companies get hacked and then compound the issue by making poor decisions in their panicked attempt to fix things. A harried approach makes the whole ordeal a lot worse. Breathe.

Activate your Incident Response Plan.  It’s there for a reason. It helps you avoid panic and it covers all the bases. Follow the plan. If you don’t have a plan, once everything has settled down, make one. You can google “IT incident response plan” and find a template to get started.

Stop the ransomware still running rampant through your systems. Identifying a breach is the first step, but noticing the effects of the ransomware outbreak does not stop its march. It is still infecting machines. Stop it immediately:

  • Remove the infected machine(s) from the network. Pull the network cable, shut off the Wi-Fi, or turn the machine off.
  • Look at the infected files to see which login is now the owner: right-click the file, choose Properties, and look at the Security tab. That login is the one infecting the files, and it often points to the root user or computer that started the outbreak. Scan and clean that machine first.
  • Scan the infected machines and all other computers. Run your anti-virus and anti-spyware cleanup on all computers. The infected computer will have a readme file or a pop-up with ransomware instructions, which should show the strain of infection you have.
  • On a clean machine, do a Google search to find cleanup tools for that ransomware strain. Run the tool on the infected machines. Then run scans on all machines.
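The owner check in the second step can be done in bulk rather than file by file. The PowerShell below is an added example, not part of the original post; it is meant to be run from a clean admin workstation against the affected share, and the share path, time window and extension are placeholder assumptions to replace with your own values.

```powershell
# Added triage example: group recently modified files on a share by owning account.
# All default values below are hypothetical placeholders.
param(
    [string]$SharePath = '\\fileserver\Finance',       # placeholder UNC path
    [datetime]$Since = (Get-Date).AddHours(-24),       # look-back window
    [string]$RansomExtension = ''                      # extension added to encrypted files; empty = filter by time only
)

# Read-only enumeration: nothing on the share is modified.
$files = Get-ChildItem -LiteralPath $SharePath -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.LastWriteTime -ge $Since -and
        (-not $RansomExtension -or $_.Extension -eq $RansomExtension)
    }

$report = foreach ($f in $files) {
    try {
        # Same value the Properties > Security dialog reports as the owner.
        $owner = (Get-Acl -LiteralPath $f.FullName -ErrorAction Stop).Owner
    } catch {
        $owner = '<unreadable>'
    }
    [pscustomobject]@{
        Owner         = $owner
        Path          = $f.FullName
        LastWriteTime = $f.LastWriteTime
    }
}

# The account with the most files and the earliest write time is the first machine/login to check.
$report | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{n = 'FirstWrite'; e = { ($_.Group | Measure-Object LastWriteTime -Minimum).Minimum } },
        @{n = 'LastWrite';  e = { ($_.Group | Measure-Object LastWriteTime -Maximum).Maximum } } |
    Format-Table -AutoSize

# Keep the per-file list on the clean workstation for the post-mortem.
$report | Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'ransomware-owner-triage.csv')
```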

Notify the appropriate regulatory bodies and financial partners. Financial firms often need to let a federal agency know about any successful security breaches. Get it done ASAP to demonstrate that you are on top of the problem.

Communicate the situation and recovery efforts internally. Let your users know that you are aware of the ransomware outbreak, you are handling it, and things are under control. You want all of your users to stay calm too.

Let the FBI know. Yes, that FBI, and they really do want to know so they can help globally track these hacks and prevent them from happening again.

Perform a post-mortem. Last, but not least, do a deep dive into the infection’s roots and a deeper dive into all of your systems to ensure the hackers have been booted and everything is clean. Statistics show that 50% of ransomware victims will get infected again. This is the result of ransomware remnants not being fully cleaned out of your systems by IT.

In the end, the best way to address a ransomware infection is to not get one in the first place. For more information on how financial firms can prevent a ransomware infection or address one after it hits, check out these posts:

How Do You KNOW That You Have Not Been Hacked?

Phishing Happens and MFA May Not Save You

3 Security Vulnerabilities You Don’t Realize You Have

John Ahlberg, CEO, Waident Technology Solutions

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

