• This page, Cyber-threats and attacks for non-depository institutions, is   offered by
  • Division of Banks

Guidance  Cyber-threats and attacks for non-depository institutions

To the Chief Executive Officer of the Institution Addressed:

As you know from news reports, a global ransomware campaign is affecting over 100,000 (plus) computers in more than 155 countries. The ransomware exploits a vulnerability in Microsoft Windows, particularly the Windows XP operating system. The issue primarily relates to “computer hygiene,” that is, keeping your computers up-to-date and patched. Specific information about patching for this ransomware exploit (Microsoft patch for the MS-17-010 SMB vulnerability dated March 14, 2017) is on the US-CERT website.

Table of Contents

Prevention is the most effective defense against ransomware, and it is critical to take precautionary measures for protection. Most important:

  • Never open attachments or follow links included in unsolicited e-mails.
  • Back-up your data, particularly sensitive or proprietary data, in a separate secure location.
  • Keep your anti-virus software up to date.

Massachusetts General Laws chapter 93H, and Massachusetts regulation 201 CMR 17.00 et seq. establishes guidelines to safeguard the personal information of residents of the Commonwealth. The statute requires any person holding personal information about a resident of the Commonwealth to maintain a Written Information Security Program (WISP) and to report any known breach of security to the Attorney General and the Undersecretary of Consumer Affairs and Business Regulation as soon as practicable and without unreasonable delay. It is the Division's expectation that a Licensee impacted by the ransomware will also report this to the Division as a data breach / significant event. If you have any questions about the Division's expectations regarding cybersecurity, please contact Chief Director Danielle Sherbertes at danielle.sherbertes@state.ma.us or 617-956-1553. To report a data breach or discuss sensitive information, please use secure email when contacting Ms. Sherbertes.


Terence A. McGinnis

Commissioner of Banks

Massachusetts Division of Banks

Downloads   for Cyber-threats and attacks for non-depository institutions

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.