💰💣

New York State Regulated Entities Security Incident

2020-2021 1925 days ago Resolved

Incident Overview

Situation Description

The Department of Financial Services issued guidance to regulated entities regarding the growing threat of ransomware attacks, which have increased in number, scope, and sophistication.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Finance

Geographic Scope

National (US)

Response Actions

Refused to Pay Ransom / Extortion Revised Incident Response Plan Implemented Advanced Authentication Hardened Attack Surface

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) Credentials Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Reputational Damage

Key Decisions Made

The Department recommends against paying ransoms to cybercriminals.; Regulated companies should implement specific cybersecurity controls to mitigate ransomware risk, including email filtering, vulnerability management, MFA, disabling RDP access from the internet, strong password management, privileged access management, and monitoring/response solutions.; The Department is considering revising its Cybersecurity Regulation to address the evolving cyber risk landscape.

Technical Analysis

Attack Method

Unknown

Vulnerability / Tool

SolarWinds Microsoft Exchange

Additional Information

June 30, 2021 To: All New York State Regulated Entities Re: Ransomware Guidance The ransomware crisis threatens every financial services company and their customers. And a major ransomware attack could cause the next great financial crisis. A ransomware attack that simultaneously cripples several financial services companies could lead to a loss of confidence in the financial system. This could happen either through an exploitation of a vulnerability in widely used software to attack many companies at once as seen recently for SolarWinds and Microsoft Exchange or through a single ransomware attack that disables critical infrastructure for financial services, such as a cloud services provider or a regional power grid. As ransomware attacks continue to grow in number, scope, and sophistication, they are fueling a sharp increase in the cost of cybercrime. Homeland Security Secretary Alejandro Mayorkas recently stated that the rate of ransomware attacks increased 300% in 2020. [1] Ransomware is costly because it is the most disruptive cybercrime. Unlike cybercrime focused on theft, ransomware sidelines organizations it shuts down hospitals, schools, and companies. It prevents consumers from getting services, patients from receiving care, and employees from working. Since mid-2020, ransomware criminals usually also steal data before deploying ransomware so that they can extort victims by threatening to publish the data so-called double extortion. As the Department of Financial Services (the Department or DFS) noted in the Cyber Insurance Risk Framework in February 2021, the cost of ransomware has also shaken up the cyber insurance market. Because of ransomware, loss ratios on cyber insurance increased from an average of 42% during 2015-2019 to 73% in 2020. [2] Increasing costs are impacting premiums and the scope of coverage. More encouragingly, rising costs are also pressuring insurers to be more rigorous in assessing the cybersecurity of their customers and...

... (truncated for display)

Quick Facts

Company:: New York State Regulated Entities
Date:: 2020-2021
Status:: Resolved
Decision Maker:: The Department of Financial Services (DFS)
Position:: nan
Published:: 30/06/2021

Source Information

Original Query

how companies improved "incident response plan" after ransomware attack 2019..2024

View Original Source

Timeline

Information Published

30/06/2021

Incident Occurred

2020-2021 (1925 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats