Presented by the Privacy and Data Security Practice Group

Ransomware Attacks Now Hitting Small Community Banks

June 7, 2021

The recent ransomware attacks on Colonial Pipeline and JBS have garnered a significant amount of public and media attention. However, smaller, lesser known ransomware attacks are more prevalent than ever. Recently, two ransomware attack groups, Darkside and Ragnar Locker, posted evidence on the internet that they have infiltrated community banks in the states of California and Florida.

As many readers are aware, in the past year, a new tactic by attackers is to infiltrate a company’s computer system, exfiltrate data and then begin the ransomware attack. The attackers threaten to post publicly the data that has been exfiltrated to add to the increasing pressure on businesses to pay the ransom.

While attacks on large businesses make the headlines, the now almost daily occurrences of ransomware attacks against smaller businesses are just as troubling. A recent Verizon Data Breach Incident Report indicates that almost 10% of all data breaches now involve ransomware, doubling the number from the prior year. Verizon’s report also found that approximately 96% of data breaches at banks and insurance companies are financially motivated. Smaller community banks and financial companies may have less sophisticated and robust data security, and data security personnel, which makes them very inviting targets.

The ongoing onslaught of ransomware attacks has renewed calls by many experts in the field for the federal government to develop better security guidelines and potentially laws that prohibit the payment of ransoms. As long as criminals know ransoms are likely to be paid, these attacks will continue. Until then, all companies large and small should make cybersecurity a priority and ensure they have adequate cyber insurance that covers extortion payments. While the payment of a ransom is incredibly unpleasant, the alternative, having your business cease to function without obtaining the de-encryption key to retrieve your data, could be even worse.

^{The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship.}

^{We welcome the opportunity to provide such legal assistance as you require on this and other subjects. If you receive the alerts in error, please send a note to tamontemuro@mdwcg.com.}