Pub. 5 2016 Issue 2

Summer | 2016

1. Pay the ransom

a) Ransom is paid and files are unlocked – It has been common for the decryption key to be provided after bitcoin payout of the ransom. While this would allow access to the encrypted files, it needs to be determined if the files can be trusted and if risk of reinfection exists. Remember, someone else has modified the data, and has already been shown to be untrustworthy, so careful consideration needs to be made.

b) Ransom is paid and files are not unlocked – Recently, Kansas Heart Hospital [2] was hit with ransomware and paid the ransom. Unfortunately, instead of providing a decryption key, the attackers asked for another ransom payout.

2. Don’t pay the ransom

a) Find an available decryption key – On occasion, researchers or antivirus software makers are able to discover a way to provide decryption keys for specific ransomware variants, which can then be used to decrypt the infected files. Additionally, ransomware makers can sometimes have a change of heart and release the master decryption key, as was the case with the Teslacrypt [3] ransomware.
b) Recover from backups – The ideal method for dealing with ransomware encryption is to restore from recent backups; however, this is only effective with a strong backup process, and only works if the backups were protected from the ransomware encryption process.

The ransomware threat is going to be around for a while, so it is imperative that steps are taken to lessen the probability and impact of an infection. Keep regular, verified backups in place to ensure the integrity of the data for full restoration so that business can proceed as usual.

Daniel Lindley is a Security and Compliance Consultant for CoNetrix. CoNetrix is a technology firm dedicated to understanding and assisting with the information and cyber security needs of community banks. Offerings include: information security consulting, IT/GLBA audits, security testing, cloud hosting and recovery solutions, and tandem software, used by over 1000 financial institutions to help manage their information security programs, cybersecurity, and more. Visit our website at www.conetrix.com.

[1] https://blog.malwarebytes.org/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/
[2] http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html
[3] http://www.securityweek.com/alleged-author-locker-ransomware-publishes-decryption-keys
