ABA Perspective
To Pay or Not to Pay: Ransomware Attacks Offer an Unsavory Choice
It’s the message a CEO never wants to receive: “We’ve got your data, and you need to pay up if you want it back.”
Rob Nichols, President and CEO, American Bankers Association
Unfortunately, that message is landing in CEO inboxes increasingly often as ransomware attacks ramp up in the U.S. In just the first six months of 2021, the Financial Crimes Enforcement Network identified $590 million in ransomware-related Suspicious Activity Reports — a 42% increase from the 2020 total of $416 million. And FinCEN reports that we could be on track to see a higher transaction value for ransomware-related SARs than we’ve seen in the past 10 years combined.
Ransomware attacks, which use malware to encrypt files on a computer or mobile device and render it unusable until a ransom is paid, present companies with an unsavory dilemma: pay a ransom to a criminal actor or lose a potentially devastating amount of data, which could seriously compromise business operations.
mobankers.com
These kinds of attacks are evolving quickly in sophistication and scope, and virtually any business could be targeted at any time. What’s perhaps most concerning is that criminal actors are increasingly targeting critical infrastructure entities, as we saw in the Colonial Pipeline incident earlier this year that caused a shutdown of a major East Coast oil provider. They’ve also begun branching out into “extortionware” in which the hacker not only encrypts sensitive data but then goes the extra step and threatens to publicly release it unless the institution complies with their demands.
Given the potential operational and reputational consequences of these types of cyberattacks, banks need to have a plan in advance for how they’ll respond. There are a number of factors to consider.
First, while most companies do choose to pay — cyber insurer Marsh McLennan reports that more than 60% of ransomware victims pay the requested ransom — it’s not always a guarantee that the encrypted data will be fully restored. In fact, one survey of more than 5,000 IT decision-makers worldwide found that about half of those who did pay a ransom only recovered 65% of their compromised data. Twenty-nine percent said they only recouped about 50%.
And even if a company’s ransom hacker unlocks all the encrypted data after the ransom is paid, the company will still need to take steps to clean that data and make sure that it can’t be easily re-encrypted.