CYBERSECURITY: RANSOMWARE ALERT
The Office of Compliance Inspections and Examinations (OCIE) is committed to working with financial services market participants, federal, state and local authorities, and others, to monitor cybersecurity developments, improve operational resiliency, and effectively respond to cyber threats.
Recent reports indicate that one or more threat actors have orchestrated phishing and other campaigns designed to penetrate financial institution networks to, among other objectives, access internal resources and deploy ransomware. Ransomware is a type of malware designed to provide an unauthorized actor access to institutions’ systems and to deny the institutions use of those systems until a ransom is paid.
OCIE has also observed an apparent increase in sophistication of ransomware attacks on SEC registrants, which include broker-dealers, investment advisers, and investment companies. The perpetrators behind these attacks typically demand compensation (ransom) to maintain the integrity and/or confidentiality of customer data or for the return of control over registrant systems. In addition, OCIE has observed ransomware attacks impacting service providers to registrants.
In light of these threats, OCIE encourages registrants, as well as other financial services market participants, to monitor the cybersecurity alerts published by the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA), including the updated alert published on June 30, 2020, relating to recent ransomware attacks.
OCIE further encourages registrants to share this information with their third-party service providers, particularly with those that maintain client assets and records for registrants.