Small Banks are a Step Behind Ransomware Groups, Seek Help from Congress

Ransomware attacks on smaller, community banks in the US have ramped up in recent years, putting the financial data of thousands of Americans at risk.

In May 2021, three community banks in California and Florida were targeted by Darkside and Ragnar Locker, two prominent ransomware groups that posted evidence of the break-ins and demanded ransom.

The evidence came in the form of screenshots containing stolen customer data and was posted on the Dark Web. This is a common tactic among ransomware groups: they publish a small sample of stolen data as proof that they successfully broke into the victim’s server, in the hope of pressuring the victim company to pay the ransom.


“Cyber threats have evolved in recent years from criminal actors seeking profit to nation-states with massive resources and technological sophistication whose goal is data gathering on our customers and businesses, systemic disruption and political damage,” said Jeff Newgard, CEO of Bank of Idaho, during a House Financial Services subcommittee hearing Wednesday. “The threats are greater than ever and continue to mount and evolve,” he concluded.

Newgard also urged Congress to modify data security standards within the financial sector to extend to retailers and technology companies: “To effectively secure customer data, all participants in the payments system, and all entities with access to customer financial information, should be subject to and maintain well-recognized standards.”

The number of ransomware attacks increased by a whopping 1,318% in the first half of 2021 compared with the same period the previous year, according to a recent report by Trend Micro. This presents a growing challenge for smaller banks that struggle to afford the technological resources they need to protect their customers’ data from these attacks.

One common complaint among community bank owners is that “these companies have no incentives to help us adapt to the changing competitive landscape,” said Robert James, CEO of a Georgia-based community bank, referring to the main firms providing “core” banking services, such as Fidelity National Information Services, Inc., Fiserv Inc. and Jack Henry & Associates.

Carlos Vasquez, the chief information security officer at Canvas Credit Union, urged lawmakers to give federal regulators like the National Credit Union Administration and Deposit Insurance Corp. greater oversight over these smaller banks, so they can ensure that the proper cybersecurity steps are being taken.

“The vendors seem to have a playbook where they know a breach is coming but know all they have to do is wait for the next news cycle. There’s nothing to prevent them from doing so,” said Vasquez.

It is evident that legislative change is more than necessary. The 1999 Gramm-Leach-Bliley Act required all companies that provide financial services to maintain the safety and confidentiality of their customers’ data. However, with the growth of e-commerce and financial technology, a larger number of businesses gained access to sensitive customer information.

Bank of Idaho’s Newgard also urged more cooperation between the government and small banks, endorsing legislation that would require private companies to report any cyber-attacks to the government. However, he thinks that the government should be more proactive in doing the same and sharing intel with the private sector: “We don’t have information as it becomes available on the government side. We feel like we’re about a half step behind.”