90% of Financial Institutions Targeted By Ransomware in the Last Year

An anonymous reader shares a report: A new report from cloud security specialist Carbon Black, based on responses from CISOs at 40 major financial institutions -- including six of the top 10 global banks -- seeks to better understand the attack landscape. Among the findings are that 90 percent of financial institutions report being the subject of a ransomware attack in 2017. In addition one in 10 respondents report encountering destructive attacks unrelated to ransomware, such as application attacks and fileless malware. These potentially enable cybercriminals to move freely and laterally within an organization's network and often go completely overlooked until it's too late.

100% of all computers were targeted.

[jellomizer]

If ransom ware could find a way in, then it was successful.

Big organizations are easy picking because they have large existing networks, with decades of "Business Decisions" deems acceptable risks, vs paying to get it fixed, installed in the system. With delayed upgrades, because it may effect business flow, and legacy systems that are too critical to be upgraded.

The guys in IT try to warn them, but because they are cost center, such fixes are exceeding their budget.

Re:

[AlanBDee]

That's funny. You do realize this is a very bad place to try and plug your crappy product right? Most the people on /. are the ones in IT waving our hands at upper management because they keep trying to cut costs. We know that your statement, "Not a single virus or ransomware infestation" is complete shit!

Go over to Forbes where the silly MBA's will believe that crap.

PC Matic is whitelisting

[tepples]

PC Matic is a software whitelisting utility. PC Matic users don't get ransomware for the same reason game console users don't get ransomware. It's similar to the AppLocker functionality in Windows Enterprise edition but does not require the Enterprise upgrade.

Re:

[jellomizer]

Even if the product works, it doesn't matter because the higher ups doesn't want to invest in IT security.
It is cheaper to get hit, and fire the guy who had been complaining there was a problem for so long.
Because when ever a company gets hit, it is the IT Guy who's gross incompetence is to blame.

Should be 100%

[AlanBDee]

Slackers! Looks like 4 of the 40 institutions are so incompetent they don't even know they're being attacked.

Re:

[rickb928]

Bingo.

Re:

[Bob the Super Hamste]

I always take these stories with a hug grain of salt considering that most places view being attacked or targeted as some idiot doing a random port scan or launching blind armitage attacks against some random machine. So the takeaway here is that 90% of firms are actually looking at their log data and misunderstanding it, about 9% aren't even doing that, and about 1% realize that what they are seeing is really just bullshit noise and that they aren't being directly targeted but are being hit by the random i

I know the score

[Anonymous Coward]

90% reported being attacked and the other 10% lied about being attacked.

Backups

[PeeAitchPee]

Even before ransomware, it was always cheapest just to make and keep good backups and then when (not if) something happend on your network, you simply nuke the affected nodes to bare metal, reinstall, and restore. Seriously, fuck these guys.