The FBI and other enforcement agencies discourage paying cybercriminals, in order to lower the financial incentive for the burgeoning illicit industry of ransomware attacks. However, there are practical steps that organizations can take to strengthen their cybersecurity and technical defenses against hackers. The New York State Department of Financial Services has provided a list of controls for companies to implement, and they are helpful to companies generally, not just to those in the financial industry.
NY regulator releases guidance on preventing ransomware attacks
Ransomware incidents have increased in frequency, scope, and sophistication. The reported rate of ransomware attacks increased 300% in 2020. Larger extortion payments have financed the development of more effective hacking and ransomware tools and added more hackers to their ranks. The Department therefore joins the FBI in recommending that companies avoid making ransomware payments if their networks are compromised. DFS has examined the ransomware incidents reported by its regulated entities over the past year and a half and has observed that they follow a similar pattern: hackers enter a victim’s network, obtain administrator privileges once inside, and then use those elevated privileges to deploy ransomware, avoid security controls, steal data, and disable backups. DFS urges all regulated entities to prepare for a ransomware attack by implementing measures such as: Train Employees in Cybersecurity Awareness and Anti-Phishing; Implement a Vulnerability and Patch Management Program; Use Multi-Factor Authentication and Strong Passwords; Employ Privileged Access Management to Safeguar...