Ransomware Spurs New Guidance

If your credit union received an email threatening to destroy institution or member data if you don’t pay $1,000, what would your institution do?  Is it a good business decision to pay up?  Does someone really have the ability to control a computer at your institution? Ransomware is so concerning that the FBI has recently issued warnings and guidance containing instructions on how institutions can protect themselves. 

In March, the FBI also released information regarding controls useful in mitigating the risk of such malware infections and methods to quickly respond in restoring business processes. The FFIEC also issued Destructive Malware guidance in 2015, which brings awareness to malware, such as ransomware, and provides suggested process changes to your Information Security Program to ensure these risks are addressed.

Unfortunately, financial institutions need to better understand ransomware from a business and technical perspective, as ransomware is likely to continue to grow and evolve as a threat. The best defense methods are based on awareness of the threat and solid risk management processes to assess the risks. We look forward to discussing ransomware with you and answering your questions about this emerging threat.

Covered Topics:

US-CERT, a government information sharing resource, issued an alert March 31st highlighting two specific ransomware variants (Locky and Samas) that have caused significant damage to financial institutions, members, and small businesses. In this presentation, we will demonstrate the impact of ransomware, review recent guidance, and explore how to leverage your risk management processes to protect your institution. Specific topics include:

  • Discussion of the latest FBI and US-CERT guidance
  • Review FFIEC Destructive Malware expectations
  • Member education and outreach considerations
  • Integration into your Information Security Program

Who Should Attend?

This webinar will benefit the Directors, CEO, Information Security Officer, Network Administrator, Risk Officer, IT Managers, or other management team members involved in either Information Technology or Information Security.