This interesting report provides the “tick tock” of a ransomware attack on a small US bank, including the role of cyber insurance in the recovery.
The details reveal that the bank did not require MFA for email prior to the incident. It was able to keep processing debit cards only because that system ran on an IBM AS/400 mainframe (a platform discontinued in 2013, according to the Web).
“Within 15 minutes, a message was displayed on the email server: The bank had been attacked by ransomware hackers. Servers and resources across the bank were failing; every printer in the bank began printing a 352-page letter from the attackers.”
“‘As we decrypted on Sunday, we would notice they would immediately re-encrypt,’ (the CEO) says. ‘How are they doing that? There’s no access from the outside world. How are they re-encrypting our hardware, our servers? We learned they had used our own hardware against us.’ Any Bank’s 270 PCs in the field had been compromised with malware that would reinfect the servers—and with more than 300 encryption keys coming from any number of the 270 PCs, the scale of the re-encryption was exponential, Smith explains.”
Inside one community bank’s cybersecurity nightmare scenario.
Source: The anatomy of a ransomware attack | ABA Banking Journal