Stopping ransomware attacks before they can take place

Gaetano Ziri, Software Engineer at Auriga, discusses how financial institutions are up to 300 times more likely to suffer a cyberattack, and advises on how to prevent this.

Remote working has increased the number of distributed endpoints, from laptops to smartphones to Internet of Things (IoT) devices, which pose a constant security risk to both individuals and financial institutions – these act as ideal “entry points” for cybercriminals. Attackers send phishing emails or malicious attachments to bank employees, targeting any device that can be manipulated to gain access to the entire network. Endpoints are the first point of a cyber-attack and create an attack surface for further malicious activities. Financial institutions must therefore be aware of these potential cyber risks and implement preventative measures against them, as they are prime targets for a litany of attacks, including ransomware, due to the vast quantities of confidential data they hold on their customers and employees. In effect, ransomware blocks access to infected endpoint resources unless the ransom is paid.

In fact, the offensive against the financial sector has intensified in the last year because of the pandemic. Palo Alto Networks’ research arm, Unit 42, revealed that cybercriminals across the USA, Canada, and Europe are making and demanding more money than ever. There has been a 171% year-over-year increase in the average ransom paid by organizations, from US$115,123 in 2019 to $312,493 in 2020, with the highest ransom paid by an organization doubling from $5mn (2019) to $10mn (2020). Between 2015 and 2019, the highest ransomware demand was $15mn, but this figure jumped to $30 million last year. Both the European Central Bank and the International Monetary Fund (IMF) have noted this increase in cyber-attacks aimed at financial institutions. Even if no serious security breaches have been opened, the losses of the institutions already amount to several million euros in the last year alone.

Standalone solutions aren’t enough

To counter such attacks, financial institutions must act now and enhance their operational resilience. Ransomware has evolved into a ‘service offering’ known as Ransomware-as-a-Service (RaaS), which enables cybercriminals who are unfamiliar with malware development to outsource this skill and deploy an attack with relative ease. Essentially, it is a subscription-based model that enables affiliates to use already-developed tools to carry out attacks. Unfortunately, there are still too many financial institutions relying on standalone solutions instead of consolidating several. A variety of protection mechanisms on a single platform is now essential, including:

  • Application whitelisting: this layer prevents the execution of malware or unauthorized software by defining a whitelist of processes that can be executed on the ATM.
  • Full encryption of all hard disks and media: without this protection mechanism, cybercriminals can steal hardware or reconstruct products through reverse engineering, which allows them to inject malware onto the hard disk and then replace it at another bank branch.
  • File system integrity protection: this blocks any attempt, by anyone, to modify a critical file unless the change is part of a predefined software update process.
  • Hardware protection: this prevents the connection of fraudulent hardware and blocks devices that are not included in the whitelist.
  • Firewall and use of best practices to prevent network attacks.
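
The application whitelisting and file system integrity items above can be illustrated together. This is an added example, not code from the article or from any vendor product: a user-space Python sketch in which the file names, function names and sample contents are all hypothetical, and in which SHA-256 digests stand in for whatever identity check a real endpoint agent enforces at the operating-system level.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(paths):
    """Record the digest of every approved executable or critical file."""
    return {str(p): sha256_file(p) for p in paths}

def may_execute(path, allowlist):
    """Default deny: allow only a listed path whose content still matches."""
    expected = allowlist.get(str(path))
    return expected is not None and Path(path).is_file() and sha256_file(path) == expected

def integrity_violations(baseline):
    """Return baselined files that are missing or whose content changed."""
    return sorted(n for n, digest in baseline.items()
                  if not Path(n).is_file() or sha256_file(n) != digest)

def apply_update(path, new_bytes, approved_digests, baseline):
    """Predefined update process: write only pre-approved content, then re-baseline."""
    if hashlib.sha256(new_bytes).hexdigest() not in approved_digests:
        return False
    Path(path).write_bytes(new_bytes)
    baseline[str(path)] = sha256_file(path)
    return True

def demo():
    """Runs the checks on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        atm_app, dropper = Path(d, "atm_app.bin"), Path(d, "dropper.bin")
        atm_app.write_bytes(b"approved build 1.0")
        dropper.write_bytes(b"unknown binary")
        baseline = build_baseline([atm_app])
        r = {"approved": may_execute(atm_app, baseline),
             "unknown": may_execute(dropper, baseline)}
        atm_app.write_bytes(b"tampered build")  # change made outside the update process
        r["tampered"] = may_execute(atm_app, baseline)
        r["violations"] = [Path(v).name for v in integrity_violations(baseline)]
        new = b"approved build 1.1"
        approved = {hashlib.sha256(new).hexdigest()}
        r["rogue_update"] = apply_update(atm_app, b"rogue", approved, baseline)
        r["update_ok"] = apply_update(atm_app, new, approved, baseline)
        r["after_update"] = may_execute(atm_app, baseline)
        return r

if __name__ == "__main__":
    print(demo())
```

The unlisted binary and the tampered file are both refused, and the approved file only becomes executable again after the update goes through the pre-approved path.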

Building a wall of protection

Network segmentation is a good defense strategy to prevent network-based attacks on ATMs. It divides the corporate network into different areas that are only partially networked or not networked at all. It is mission-critical to ensure that only legitimate traffic is allowed through to critical resources. In this case, the ATM network should be separated from the rest of the corporate IT network, reducing the risk to this part of the environment. While network segmentation is not a new concept, it is rising in popularity and gaining traction among banks. The trend is to segment internal networks to prevent extraneous traffic.

Other effective solutions include artificial intelligence and machine learning, which are playing an increasing role in cybersecurity to detect attacks at an early stage. Various security tools analyze data from millions of cyber incidents and use it to determine potential threats. With network traffic analysis, an employee account behaving strangely (from clicking on a potential phishing email or a new variant of malware) can be more easily identified. Emerging issues are immediately detected and blocked by AI and ML, stopping the cyber-attack in its tracks before it can negatively impact business operations.

Machine learning tools are valuable for fraud prevention, and most experts would agree that they have become essential for mitigating cybercrime. On a high level, detecting fraud is about learning the difference between normal spending behaviors and unusual, fraudulent purchases. With machine learning, the technology can analyze all available data and educate itself on the difference between an honest transaction and a fraudulent one.

Financial institutions can also consider whitelisting to allow controlled access to system resources. For example, if a customer provides personal information during a video call or remote consultation, the USB ports of the operator’s workstation should be locked to prevent the video file from being stored on an external device. 

Organizations must find new ways to use their existing resources more effectively. This can be done in several ways:

  1. Automating more processes to identify and respond to issues in real time before they impact business operations.
  2. Equalizing workloads based on broader threat analysis, with a particular focus on, for example, data leaks or introduced malware.
  3. Breaking down silos by introducing advanced self-service platforms. 
  4. Consolidating activities, for example through an effective cybersecurity strategy with proactive device monitoring to maintain service availability.


To increase the cybersecurity of ATMs, a bank’s assisted self-service terminals, and endpoints, one should not rely solely on standard anti-virus and anti-malware programs, but also look towards advanced technology. Financial institutions should invest in comprehensive, channel-integrating end-to-end solutions; this way, the ATM no longer counts as a separate silo but as part of an omnichannel environment. This ensures all centralized ATM security operations are on a single platform, with minimal impact on device performance. When financial institutions address the threat situation and adapt their processes, they make a valuable contribution that ultimately protects not only the financial institution but also customers from harm. Cybersecurity is a long-term investment, and organizations must continue to teach customers and employees how to identify potential threats through training, education, and awareness programs.


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
