Ransomware in the US Banking Industry Dissertation

Exclusively available on Available only on IvyPanda® Written by Human No AI

Malware attacks are one of the most common and destructive technological viruses across the globe. There are diverse classes of malware, but the most popular is Ransomware which affects various sectors of the economy. Ransomware refers to a type of malware that works by locking the targeted computer and network system (Ahmed et al., 2022). Many officials from United States have expressed their concern about the spread of Ransomware reported to the Cybersecurity National Plan for further investigation (Khlapon et al., 2022). This research paper provides a literature review related to the banking and Ransomware in the US. General knowledge of data storage, business continuity, and disaster recovery strategies are discussed. Additionally, the effects of the malware on individuals and businesses, third-party services, and advanced persistent threats are examined.

Clients’ Data are Reasonably Secure

Banks process customer data on various activities involved during the receiving of services. Information on the frequency, amount, transaction types, bank balances, and frequency of bank visits is stored. One central concept in the aspects of data privacy is “reasonable” information security. This means that data security is guaranteed to some extent but not entirely safe. The chances of loss are high if necessary steps are not taken to protect it (Ahmed, 2019). There are specific gaps facing many companies and organizations in the protection due to the changing tactics of malware manifestations.

There are five traits of data that make it to be secure in various contexts. Firstly, accuracy ensures only the correct credentials are keyed in. Errors should be minimized for the safety and relevance (Cascavilla et al, 2021). Mistakes likely to occur can lead to bank losses as some individuals may be accredited money they do not possess. Data completeness which refers to the comprehensive nature of information (Liu et al., 2022). For instance, personal details like first and last names must be filled for it to be valid. Failure to do so can lead to confusion since people’s identities can be similar.

Reliability means that one type of information does not go against another set. This occurs especially when the data is stored in more than one system. The mismatch can lead to a lack of trust and reputational damages (Dua et al., 2021). Relevance determines whether the data is needed in essential circumstances or not. Therefore, when collecting information, one must scrutinize its usage from the present and future perspectives. The timeliness of data is necessary for making decisions on organizational matters (Hsu, 2022). For instance, some types of accounts require a specific period for money maturity for withdrawal.

Business Continuity and Disaster Recovery

Bank managers must be cautious in data privacy for their operations to continue. This is done by setting recovery strategies for customer services when faced with malware inventions. Strategy objectives must be defined for the business to have a plan and direction (Alaba, 2021). This can be best done by determining the value of the company. Maintenance of technological devices used in the banks and backup plans must be considered. Steps of restoring data when a Ransomware attack is in progress must be clearly known. Data hacking sessions must be identified, and best practices to backup data should be known.

Private and Personal Data (Hacking)

The hacking of data refers to the malicious act of using a computer to access information stored on another device without permission. Additionally, the other intention of doing this is to spread a virus to other computer programs (Corea et al., 2021). In the bank setting, it entails illegal access to individual information concerning financial matters without the owner’s consent. Data pertaining to the business plans and visions can also be accessed, making it vulnerable. Three types of hacking include the black, grey, and white hat.

Black-hat cyberpunks are also referred to as an evil security pirate. These individuals access the system without permission to rob funds or do some of their own unwanted goals (Antil 2022). They mainly target banks that have weak security and escape with credit card information. White hat hackers are also known as moral crackers, and they use the exact technique by the black hat hackers. However, they can only hack the organization that they have permission to. Gray hat hackers are a hybrid between black and white hat hackers (Liu et al., 2022). They can hack any system even without permission to test the security. They do not have intentions of causing any damage or stealing money and can tell the administrators about it in most cases.

Private information hacking is when someone accesses personal information stored on computers without permission. Credentials include the address, name, social security number, and credit card credentials (Sedlmeir et al., 2021). Exposure of this information to the public may place the owner at risk of attack. The physical location can be easily traced by people who may be having bad intentions and may lead to cases of murder. The social security number was a created by the US government in 1936 to track the amount of money Americans make during their lifetime in order to calculate the social benefits. It is also useful when collecting government benefits, getting jobs and for identification purposes (Muflih, 2021). Credit card credentials refer to login information that a customer has saved in bank web servers for easy access to their accounts.

Restoring Data

Once a Ransomware attack is in progress, organizations can follow some set procedure to retrieve data before it is lost. It can be devastating, but taking action immediately can mitigate further damages (Yu et al., 2020). The first thing to be done once an organization is aware of an invasion is to stay collected and composed. Panic attacks should be calmed, and the gravity of the damage analyzed first. This can give room for negotiations with the attacker before paying. A photo of the Ransomware note on the screen should be taken immediately it appears. This can be useful in filling cases for the unauthorized people who have bad intentions to the progress.

The affected systems should be quarantined to avoid spread to other networks. This is because the malware scans the target system so as to find a way to the others (Malik & Kumar Agrawal, 2022). After that, decryption tools such as No More Ransom should be searched (Filiz et al., 2021). Once the Ransomware strain is known, it can be plugged into the system and searched for a matching decryption. Automated maintenance tasks running should be disabled on the affected systems. Such include the temporary file removal and the log rotation, which are essential. Files that might be useful for investigation and forensic analysis can be recovered.

The next thing to be done is to disconnect running backups. It has been proved that the most recent Ransomware stains go after backups to distort the efforts to recover. Further, the attack variant should be identified by the use of free services such as Emsisoft, which are available online (Barrett, 2021). These make it possible for users to upload samples of encrypted files, ransom notes left behind, and attacker information. After the attack has been found, it should be reported to the law since this is a crime. Passwords should be reset, and they should be unique and strong (Alkhaldi, 2018). Finally, a decision should be made whether to pay for the Ransomware or not. This can be determined by the level of damage that has occurred.

Backup Best Practices

This refers to the creating a copy of the information which can be recovered if primary data fails or is lost. Software and hardware failures, malicious attacks, and data corruption can lead to the loss. Some of the best backup practice includes the use of offsite storage (Corea et al., 2021). This can be cloud-based or physical servers in different locations. Data can be retrieved in case the central servers are destroyed by natural calamities. Use of the 3-2-1 regulation, which states that keep three copies of data in 2 different devices with one offsite location (Costanza et al., 2022). An example of such a backup can be a central server on the bank premises, a cloud backup, and network-attached storage drive storage. Regular data backup like after every 24 hours can make it available frequently. Regular manual test restores should be performed by selecting an archive backup.

Disaster recoveries should be performed using different servers which might be similar. This helps the technical staff review their procedures and identify deficiencies (Ghaffarian et al., 2021). Fundamental changes should be made for the business to continue its projects. Different backup types should be adopted since they can be more suitable and stable. System protective backups ensure the entire servers and applications are more flexible. Finally, a schedule that includes archive backups is applied for more security (Huang et al., 2020). The information is kept for a long time and can be retrieved anytime it is needed.

Third-Party Services

Banks in the US employ diverse methods to protect themselves from Ransomware attacks. Third-party services originate from other vendors for increased performance and security of websites. There are three types of Ransomware attacks from third parties. They include data breaches, business interruption, and movement of Ransomware to the organization. Breaching of data refers to a security violation in which protected, confidential, and sensitive information is copied, transmitted, and viewed by unauthorized persons (Masuch et al., 2022). Attacks by Ransomware drag the company’s success by disrupting its ability to conduct activities typically.

Massive harms caused require more capital to fix the damages and other maintenance services. An example of an alarming Ransomware attack that hit companies worldwide in the spring of 2017 was known as the WannaCry outbreak (Song & Ye, 2021). It affected over 200,000 computers in more than 150 countries, causing a massive data loss (Lin et al., 2021). Cloud web hosting services provided by third parties enable websites and applications to be accessible using cloud resources. A network of interconnected cloud servers works to ensure scalability and flexibility. Cloud-based software solutions give permission to users to interact with software applications operating on intercommunicated computing aids via the internet (Almashhadani, 2019). It is beneficial as it reduces the upfront costs of buying computer infrastructures like data servers and hardware. Information technology support is limited since there is a typical data center. The prices of supporting and maintaining applications are reduced since cloud vendor’s deal with upgrades and updates.

Call center services allow interaction between bank officials and customers. The incoming and outgoing calls are controlled from this platform. Customers can often make follow-ups on mistakes made during the transaction and general inquiries (Zahid et al., 2021). They are essential in the banking industry as they make services convenient to both the clients and bank workers. Customers can get access to their money any time they need to for them to make better decisions and investments. Bookkeeping services by third-party vendors help a business manage its operations. This is made possible by various accounting techniques employed in money recording and calculations. Yearly budgets are made for a smooth and organized flow of money. Lawyers represent the organization in case of any conflicting scenarios. All the legal proceedings that take place are referred to as third-party vendor services.

In order for an organization to protect itself from outsiders’ invasion, it must implement vital third-party risk management programs. Risks will be minimized, and more money will be channeled to other essential projects leading to an overall attainment of the set goals and objectives. These will help them how the third vendors operate to detect illegal actions. Companies must therefore have visibility into those suppliers to see incomplete, unknown, and inaccurate suppliers.

Advanced Persistent Threat

This refers to a targeted and lengthy cyber-attack in which an intruder gains entry to a design and remains concealed for a long time. The APT main goal is to steal data rather than cause menace damages (Shang et al., 2021). Since it requires a great deal of effort, more resources in terms of finance are needed. Therefore, high, valued cooperation such as banks is targeted since they store millions of money. APT attack groups combine highly targeted spear-phishing and other social engineering methodologies. For them to remain in the system for long without being noticed, they rewrite malicious codes and other complicated techniques. Some of these APTs are too complex that they need a full-time engagement by the administration to maintain and protect them.

The APTs work by following a procedural approach that begins by gaining access. This is done through the internet, where applications and push emails to insert malicious software into the target system (Adineh et al., 2021). A foothold is created by the use of installed software to generate backdoor channels to operate unnoticed. Once in the system, APT uses methods such as cracking of passwords to gain administrative responsibilities (Kanta et al., 2021). After these have been fulfilled, they can move laterally to access other servers, and they stage an attack (Ashta & Herrmann, 2021). The attackers further transfer all the stored information to their own systems.

Ransomware Attacks on Persons or Citizens

Human beings also suffer from the consequences brought about by incidences of assault by the third-party vendors. It occurs when the data they stored in banks disappear without their consent. In some cases, some people store their important documents like certificates in the banks where they trust that they are secure. This is because, at home, incidences such as fire outbreaks can occur and damage them (Sree, 2021). However, other individuals opt to purchase computers and other storage devices so that they can be responsible for their files. In contrast, attack vectors frequently used like software vulnerabilities and remote desktop protocol can affect them.

The attacks occur when computer owners download malware through attachments to emails. Some click links from unknown sources, which end up inserting the viruses into the devices (Kara & Aydos, 2022). Citizens incur money losses in the event of trying to get back the lost information. This is because, in some cases, they are unaware of how to approach such scenarios and need to ask for advice from other experts (Yarovenko et al., 2021). Money is required for the process and while coming up with decisions on whether to recover it or not.

Emotional breakdowns happen when information is beneficial to the plans of the individuals. In some situations, essential projects are set and stored in files on the computer to give guidance (Zhang et al., 2021). Failure to retrieve them means beginning the whole process again, which can be stressful and cumbersome. Some people may not be patient enough to redo the tasks and develop stress that contributes to affecting their emotions. Further, associated risks such as depression may lead to death due to the inability to deal with such events.

Insecurity cases may arise when vital personal information is accessed by illegal means. Credentials such as national identification numbers can be known and be used in committing of crimes (Voskobitova et al., 2021). When the cases are reported to the criminal investigators, they may find themselves at risk even if they did not do the offenses. Some of the patients registered are cyber-crimes and bullying, leading to a lowering of self-esteem and respect. This occurs when the personal information is used to change the password to social media platforms (Ifeanyi & Ukah, 2021). In some cases, murder cases are experienced where some people use others’ identities to organize for meetups. Their main aim is always the destruction and killing of the innocent souls.

Ransomware attacks can lead to job insecurities, especially for workers in big organizations. Some of them are required by the companies to have data backups in their personal computers for work efficiency (Ugwu et al., 2021). They are expected to uphold high levels of privacy of the information for them to continue serving in the organizations (Nadee & Somwang, 2021). In case of these attacks occur without their knowledge; they may lead to exposure of the client’s details. When they air their complaints to the managers concerning this issue, the workers are at risk and can be demoted (Banik et al., 2021). Since most of them depend on the money paid for their personal upkeep, they might find it difficult to satisfy their daily needs. In some cases, their families will lead unfulfilling lives as they lack the essentials such as food.

Ransomware Attacks on Organizations or Companies

Ransomware can come in a related fashion to other types of malware, and it affects the computer system when users mistakenly click insecure links. Similarly, it can occur when files are downloaded from some illegal websites (Shanthi et al., 2022). This information can manifest itself in the form of botnets, and emails. Once the links have been activated, they give room for the virus to spread to other networks (Shinan et al., 2021). This malware is unique from others because it cannot be easily flushed out by the primary input and output system (Awadh Mohammed et al., 2021). Apart from home users, Ransomware also targets businesses, thus hindering their operation. The attack can occur due to weak passwords for opening documents that can be guessed by the vendors. Lack of cyber security and training where the workers involved are not aware of how to detect the malware increases chances of attack.

Some of the impacts of this attack on businesses include permanent or temporarily losing of sensitive or proprietary data. Failure to access this data can make the organization at risks since they should be accountable. The customers have put their trust on them and do not expect in any case to encounter with contradicting scenarios. Organization activities and functions are destroyed when vital information cannot be found (Li et al., 2022). Information stored in computers comprises of clients’ details that are used in day-to-day transactions. The bank can incur huge losses if they fail to have records of the transactions for future references. A lot of time and resources are needed to deal with such calamities making the banking process cumbersome.

The company’s reputation is destroyed since trust is lost, and people may not prefer to invest their money with them. Finance matters are critical, and any negative situation can affect the whole process (Romberg et al., 2020). In case of data loss, the bank managers should make prior communications to the customers to make them aware of what is going on. However, some of them may choose to take other pathways since they lack discontentment. The customers will develop a perception of unreliability and negligence of the officials in making prior mitigation measures.

The standard organizational process and operations are disrupted since they lack a sense of direction. Idea shift from customer satisfaction and attaining of goals and objectives since, without stability in the systems, no businesses can operate. In some cases, there are more demands on expenditure than income leading to worsening the situation. Financial losses occur, disrupting the expected budget that has already been placed. This is because, in the event of data follow-up, experts must be employed to do the exercise. Payments are accompanied, which are stretched from other budgets to cater to the crisis. In the long run, the bank can have less money to continue with its activities.

The productivity rate is damaged to a greater extent than decision-making becomes impossible. Guidelines on what is to be done on a daily bases originate from planning. Failure to have the drive framework leads to poor quality of services to the clients. They may not be satisfied with their experience and decide to have other contradicting ideas. Some may give up on the investment projects since they fear that future reoccurrences of such cases can give them more losses (Heise et al., 2021). Legal consequences may result from the investors reporting the banking system (Kintonova et al., 2021). This can occur when some individuals may think that the businesses have decided to do so willingly. Huge fines imposed on these sectors can lead to their closure.

References

Adineh, A., Narimani, Z., & Satapathy, S. (2021). International Journal of Knowledge-Based and Intelligent Engineering Systems, 24(4), 331-342. Web.

Ahmed, M. (2019). International Journal of Psychosocial Rehabilitation, 23(4), 1228-1237. Web.

Ahmed, U., Lin, J., & Srivastava, G. (2022). Computers and Electrical Engineering, 100, 107903. Web.

Alaba, F. (2021). Biomedical Journal of Scientific &Amp; Technical Research, 35(1). Web.

Alkhaldi, K. (2018). Knowledge engineering approach for controlling phishing attacks in E-banking. SSRN Electronic Journal. Web.

Almashhadani, A., Kaiiali, M., Sezer, S., & O’Kane, P. (2019). IEEE Access, 7, 47053-47067. Web.

Antil, Y. (2022). Ethical hacking and hacking attacks. International Journal of scientific research in engineering and management, 06(01). Web.

Ashta, A., & Herrmann, H. (2021). Strategic Change, 30(3), 211-222. Web.

Awadh Mohammed, E., Mustapa, M., Rahim, H., & Norizan, M. (2021). Indonesian Journal of Electrical Engineering and Computer Science, 23(3), 1350. Web.

Banik, S., Gao, Y., & Rabbanee, F. (2021). . European Journal of Marketing, 56(1), 1-30. Web.

Barrett, M. (2021). New York History, 102(1), 52-81. Web.

Corea, F., Bertinetti, G., & Cervellati, E. (2021). Machine Learning With Applications, 5, 100062. Web.

Costanza, D., Coluccia, P., Castiello, E., Greco, A., & Meomartino, L. (2022). Veterinary Radiology &Amp; Ultrasound. Web.

Dua, Y., Singh, R., Parwani, K., Lunagariya, S., & Kumar, V. (2021). Signal Processing: Image Communication, 95, 116255. Web.

Filiz, B., Arief, B., Cetin, O., & Hernandez-Castro, J. (2021). Computers &Amp; Security, 111, 102469. Web.

Ghaffarian, S., Roy, D., Filatova, T., & Kerle, N. (2021). International Journal of Disaster Risk Reduction, 60, 102285. Web.

Heise, T., Frense, J., Christianson, L., & Seuring, T. (2021). BMJ Open, 11(3), e042888. Web.

Huang, Y., Cheng, Z., Zhou, Q., Xiang, Y., & Zhao, R. (2020). IEEE Access, 8, 53394-53407. Web.

Hsu, K. (2022). Extensive data analysis and optimization and platform components. Journal of King Saud University – Science, 34(4), 101945. Web.

Kanta, A., Coray, S., Coisel, I., & Scanlon, M. (2021). Forensic Science International: Digital Investigation, 37, 301186. Web.

Khlaponin, Y., Kozubtsova, L., Kozubtsov, I., & Shtonda, R. (2022). Functions of the information security and cybersecurity system of critical information infrastructure. Cybersecurity: Education, Science, Technique, 3(15), 124-134. Web.

Kara, I., & Aydos, M. (2022). Expert Systems with Applications, 190, 116198. Web.

Kintonova, A., Vasyaev, A., & Shestak, V. (2021). Information &Amp; Computer Security, 29(3), 435-456. Web.

Li, J., Stones, R., & Luo, J. (2022). IEEE Transactions on Reliability, 71(1), 63-74. Web.

Lin, W., Yang, C., Zhang, Z., Xue, X., & Haga, R. (2021). KSII Transactions on Internet and Information Systems, 15(12). Web.

Liu, D., Zhang, Y., Jia, D., Zhang, Q., Zhao, X., & Rong, H. (2022). Computer Standards &Amp; Interfaces, 79, 103560. Web.

Liu, P., Xu, X., & Wang, W. (2022). Cybersecurity, 5(1). Web.

Malik, S., & Kumar Agrawal, A. (2022). SSRN Electronic Journal. Web.

Masuch, K., Greve, M., Trang, S., & Kolbe, L. (2022). Computers &Amp; Security, 112, 102502. Web.

Muflih, M. (2021). Journal of Retailing and Consumer Services, 61, 102558. Web.

Nadee, P., & Somwang, P. (2021). Bulletin of Electrical Engineering and Informatics, 10(5), 2707-2715. Web.

Romberg, A., Diaz, M., Briggs, J., Stephens, D., Rahman, B., Graham, A., & Schillo, B. (2020). Journal of Occupational &Amp; Environmental Medicine, 63(1), 10-17. Web.

Sedlmeir, J., Smethurst, R., Rieger, A., & Fridgen, G. (2021). Business &Amp; Information Systems Engineering, 63(5), 603-613. Web.

Shang, L., Guo, D., Ji, Y., & Li, Q. (2021). Computer Networks, 189, 107937. Web.

Shanthi, T., Dheepanbalaji, L., Priya, R., Ambeth Kumar, V., Kumar, A., Sindhu, P., & Kumar, A. (2022). Materials Today: Proceedings. Web.

Shinan, K., Alsubhi, K., Alzahrani, A., & Ashraf, M. (2021). Symmetry, 13(5), 866. Web.

Song, Y., & Ye, D. (2021). International Journal of Robust and Nonlinear Control, 32(6), 3511-3526. Web.

Sree, T. (2021). International Journal of System Assurance Engineering and Management. Web.

Ugwu, F. O., Nwaosumba, V. C., Anozie, E. U., Ozurumba, C. K., Ogbonnaya, C. E., Akwara, F. A., Ogwuche, C. H. & Ibiam, O. E. (2021). Journal of Psychology in Africa, 31(2), 153-158. Web.

Yu, L., Zhou, R., Chen, R., & Lai, K. (2020). Emerging Markets Finance and Trade, 58(2), 472-482. Web.

Voskobitova, L., Vilkova, T., Nasonov, S., Khokhryakov, M., & Reshetnikov, Y. (2021).Revista Amazonia Investiga, 10(45), 252-264. Web.

Yarovenko, H., Bilan, Y., Lyeonov, S., & Mentel, G. (2021). Journal of Business Economics and Management, 22(2), 369-387. Web.

Zahid, A., Poulsen, J., Sharma, R., & Wingreen, S. (2021). International Journal of Medical Informatics, 149, 104420. Web.

Zhang, Y., Dong, K., & Zhao, G. (2021). . Personality and Individual Differences, 171, 110473. Web.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2023, July 31). Ransomware in the US Banking Industry. https://ivypanda.com/essays/ransomware-in-the-us-banking-industry/

Work Cited

"Ransomware in the US Banking Industry." IvyPanda, 31 July 2023, ivypanda.com/essays/ransomware-in-the-us-banking-industry/.

References

IvyPanda. (2023) 'Ransomware in the US Banking Industry'. 31 July.

References

IvyPanda. 2023. "Ransomware in the US Banking Industry." July 31, 2023. https://ivypanda.com/essays/ransomware-in-the-us-banking-industry/.

1. IvyPanda. "Ransomware in the US Banking Industry." July 31, 2023. https://ivypanda.com/essays/ransomware-in-the-us-banking-industry/.


Bibliography


IvyPanda. "Ransomware in the US Banking Industry." July 31, 2023. https://ivypanda.com/essays/ransomware-in-the-us-banking-industry/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1