Ransomware Attack


2.0 RANSOMWARE ATTACK

Ransomware is also one of the security challenges facing the banking
sector. Ransomware is a type of malware that uses encryption to hold a victim's data
hostage. The vital data of a person or organization is encrypted, making it impossible for
them to access files, databases, or apps. A ransom is then demanded in exchange for access.
Ransomware is frequently designed to propagate over a network and target database and
file servers, paralyzing a whole enterprise in the process. It is a growing threat, generating
billions of dollars in payments to cybercriminals and inflicting significant damage and
expenses on businesses and governmental organizations. Kenneth Bentsen, CEO of the
Securities Industry and Financial Markets Association, which planned and led the industry
drill, stated, "The financial services industry is a top target, confronting tens of thousands of
cyberattacks every day."

So, how does ransomware work? Ransomware uses asymmetric encryption. This is a
type of encryption that encrypts and decrypts a file using a pair of keys. The attacker
generates a unique public-private pair of keys for the victim, with the private key, which is
needed to decrypt the data, stored on the attacker's server. The attacker usually gives the
victim the private key only once the ransom is paid, but as recent ransomware operations
have shown, this is not always the case. It is virtually impossible to decrypt the data being
held for ransom without access to the private key.

There are many different types of ransomware. Ransomware (and other malware) is
frequently spread through email spam campaigns or targeted attacks. To establish its
presence on an endpoint, malware requires an attack vector. After establishing its presence,
malware remains on the system until its mission is completed.

After a successful exploit, ransomware drops and executes a malicious binary on the
infected system. This binary then searches for and encrypts valuable files, such as Microsoft
Word documents, images, databases, and so on. The ransomware may also exploit system
and network vulnerabilities to spread to other systems and possibly across entire
organizations. Once files are encrypted, ransomware prompts the user for a ransom to be
paid within 24 to 48 hours to decrypt the files, or they will be lost forever. If a data backup is
unavailable or those backups were themselves encrypted, the victim is faced with paying
the ransom to recover personal files.

Ransomware-as-a-service (RaaS) is a cybercrime economic model that allows
malware developers to earn money for their creations without the need to distribute their
threats. Non-technical criminals buy their wares and launch the infections, while paying the
developers a percentage of their take. The developers run relatively few risks, and their
customers do most of the work. Some instances of ransomware-as-a-service use
subscriptions while others require registration to gain access to the ransomware.

A bank that is attacked by ransomware faces several risks. First, ransomware can infect
any device that is connected to the Internet, meaning a local device as well as any storage
that is linked to the Internet, potentially making any susceptible device on the local
network a victim. If the local network is used by a business, the ransomware may encrypt
important documents and system data, disrupting services and productivity.

Secondly, the loss of data and productivity caused by ransomware may cost a corporation
tens of thousands of dollars. Attackers who hold the data will pressure the victims to pay
the ransom by threatening to reveal and expose the data. Hence, firms
or companies that do not want to pay may face further penalties, including loss of assets and
litigation.

To avoid ransomware and mitigate the damage if the company is attacked, the first step is to
back up the data. The easiest approach to avoid getting locked out of the company's important
information is to keep backup copies on hand, preferably in the cloud and on an
external hard drive. If the company does become infected with ransomware, it can wipe
the computer or device clean and restore its contents from backup. This safeguards the
data, and the company won't be tempted to pay a ransom to the virus creators. Backups won't
stop ransomware from infecting the computer, but they can help to lessen the hazards.

Next, secure the company's backups. Make sure backup data is not accessible for alteration
or deletion from the systems where it is stored. Because ransomware will hunt for and
encrypt or erase data backups, making them unrecoverable, employ backup methods that
do not allow direct access to backup files.

In addition, the company should use security software and keep it up to date: ensure that
all of its computers and devices are protected by comprehensive security software, and
that all of their software is current. Update the devices' software early and often,
as patches for defects are usually included in each release. Be careful what you
click. Don't respond to emails and text messages from people you don't know, and only
download applications from trusted sources. This is important since malware authors often
use social engineering to try to get you to install dangerous files.

To help prevent a ransomware attack, avoid using public Wi-Fi networks, since
many of them are not secure and cybercriminals can snoop on internet usage. Instead,
consider installing a VPN, which provides the company's users with a secure connection to
the internet no matter where they go.

If the company suspects it has been hit with a ransomware attack, here are some steps for
responding. First, isolate the infected device. Ransomware that affects only one
device is a minor annoyance. Allowing ransomware to infect all of the company's equipment
is a massive disaster that might put it out of business forever. The distinction between
the two is frequently due to reaction time. It's critical to unplug the affected device from the
network, internet, and other devices as soon as possible to protect the safety of the
network, shared files, and other devices. The sooner you do so, the less likely you are to
infect other devices.

Second, the company needs to stop the spread. Because ransomware moves quickly
and the device with ransomware is not necessarily Patient Zero, immediate isolation of the
infected device won't guarantee that the ransomware does not exist elsewhere on the
network. To effectively limit its scope, the company will need to disconnect from the
network all devices that are behaving suspiciously, including those operating off-premises:
if they are connected to the network, they present a risk no matter where they are. Shutting
down wireless connectivity (Wi-Fi, Bluetooth, etc.) at this point is also a good idea.
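One way to find the "devices that are behaving suspiciously" during this step, as an added example that is not part of the original document: the Python code below scans file-server audit events and lists hosts that change many distinct files within a short window, ordered by when each first crossed the threshold. The event format, host names, 60-second window and threshold of 20 files are assumptions for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

CHANGE_OPS = {"WRITE", "RENAME", "DELETE"}  # operations that alter files


def build_sample_events():
    """Constructed audit events (time, host, operation, path); all names are made up."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = [
        (base + timedelta(minutes=1), "ws-teller-01", "WRITE", "/share/loans/q1.xlsx"),
        (base + timedelta(minutes=9), "ws-teller-01", "WRITE", "/share/loans/q2.xlsx"),
        (base + timedelta(minutes=3), "ws-audit-02", "READ", "/share/audit/log.db"),
    ]
    # ws-ops-07 rewrites 40 different files in 40 seconds ...
    events += [(base + timedelta(minutes=5, seconds=i), "ws-ops-07", "WRITE",
                f"/share/docs/file{i}.docx") for i in range(40)]
    # ... and a second host starts renaming files a minute later.
    events += [(base + timedelta(minutes=6, seconds=2 * i), "ws-ops-11", "RENAME",
                f"/share/db/table{i}.bak") for i in range(25)]
    return events


def hosts_to_isolate(events, window=timedelta(seconds=60), threshold=20):
    """Return (first_alert_time, host, peak_distinct_files) for each host that changed
    at least `threshold` distinct files inside one sliding `window`, earliest first."""
    recent = defaultdict(deque)      # host -> (time, path) changes still inside the window
    peak, first_alert = defaultdict(int), {}
    for when, host, op, path in sorted(events):
        if op not in CHANGE_OPS:
            continue                 # reads alone do not indicate encryption activity
        q = recent[host]
        q.append((when, path))
        while when - q[0][0] > window:
            q.popleft()              # drop changes older than the window
        distinct = len({p for _, p in q})
        peak[host] = max(peak[host], distinct)
        if distinct >= threshold:
            first_alert.setdefault(host, when)
    return sorted((t, h, peak[h]) for h, t in first_alert.items())


if __name__ == "__main__":
    for when, host, peak in hosts_to_isolate(build_sample_events()):
        print(f"{when.isoformat()} {host}: {peak} distinct files changed within 60 s")
```

The earliest entry is only the first host seen crossing the threshold in these logs, so every listed host is a candidate for disconnection, not just the first.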
