Ransomware: Compliance considerations

Last week, the House Committee on Homeland Security held a hearing on cybersecurity, which focused specifically on ransomware. One of the witnesses at the hearing referred to ransomware as a “multi-billion-dollar global racket” and cited a report which stated that ransomware accounts for 27 percent of malware incidents. Another witness stated that both the average ransom paid for ransomware incidents and the highest-paid ransom had doubled from 2019 to 2020 – the average ransom in 2020 was more than $300,000 and the highest-paid ransom was $10 million.

To review, ransomware is a form of malware that blocks access to files on a computer, usually by encrypting them, thereby preventing the user from accessing the data. Users are prompted to pay a ransom – often in cryptocurrency – to regain access to their files. Ransomware is not exactly a new threat – it has been around for some time. In fact, we’ve blogged about ransomware in the past. However, the trend of increasing incidents of ransomware, and the growing price tag of those incidents, is certainly cause for concern for all organizations in the United States, including credit unions and their members.

Let’s review some of the federal guidance on this topic:

 
