Pub. 5 2016 Issue 5

July 2016 31 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s This is a facilitated platform for IT personnel to share information, exchange ideas, and discuss important issues with peers. This is a tremendous oppor- tunity to network with your counterparts from across the state and to improve your effectiveness as an IT professional. Recommended for 6.5 hours CPE credit. Limited to 30 participants per location. A timely and exciting opportunity for bank technology professionals! 2016 Sept. 28 • Hays Sept. 29 • Topeka Refreshments Provided by This is a facilitated platform for IT personnel to share information, exchange ideas, and discuss important issues with peers. This is a tremendous oppor- tunity to network with your counterparts from across the state and to improve your effectiveness as an IT professional. Recommended for 6.5 hours CPE credit. Limited to 30 participants per location. A timely and exciting opportunity for bank technology professionals! 2016 Sept. 28 • Hays Sept. 29 • Topeka Refreshments Provided by What if we’ve already been infected? If ransomware infection isn’t prevented, then recovery or restoration of the data after encryption needs to be addressed. Whether or not to pay the ransom may seem like an easy decision; however, depending on the quality of the backups and the user’s situation, it may become more complicated. Before you make a decision, keep these scenarios in mind: 1. Pay the Ransom • Ransom is paid and files are unlocked — It has been common for the decryption key to be provided after bitcoin ayout of the ransom. While this would allow access to the encrypted files, it needs to be determined if the files can be trusted and if risk of reinfection exists. Remember, someone else has modified the data, and has already shown to be untrustworthy, so careful consideration needs to be made. • Ransom is paid and files are not unlocked — Recently, Kansas Heart Hospital 2 was hit with ransomware and paid the ransom. Unfortunately, instead of providing a decryption key, the attacker asked for another ransom payout. 2. Don’t Pay the Ransom • Find an available decryption key — On occasion, researchers or antivirus software makers are able to discover a way to provide decryption keys for specific ransomware variants, which can then be used to decrypt the infected files. Additionally, ransomware makers can sometimes have a change of heart and release the master decryption key, as was the case with the Teslacrypt 3 ransomware. • Recover from backups — The ideal method for dealing with ransomware encryption is to restore from recent backups; however this is only effective with a strong backup process, and only works if the backups were protected from the ransomware encryption process. The ransomware threat is going to be around for a while, so it is imperative that steps are taken to lessen the probability and impact of an infection. Keep regular, verified backups in place to ensure the integrity of the data for full restoration so that business can proceed as usual. Daniel Lindley is a Security and Compliance Consultant for CoNetrix. CoNetrix is a technology firm dedicated to understanding and assisting with the information and cyber security needs of community banks. Offerings include: information security consulting, IT/GLBA audits, security testing, cloud hosting and recovery solutions, and tandem software, used by over 1000 financial institutions to help manage their information security pro- grams, cybersecurity, and more. Visit our website at www.conetrix.com. 1 http://bit.ly/1YnejLm 2 http://bit.ly/1XNrAPr 3 http://bit.ly/1cvVyTy