The Marquis Ransomware Attack: A Wake-Up Call for the Banking Sector

As a provider of secure systems for managing money and a critical driver of the global economy, banking stands as one of the most essential industries today. In fact, did you know that the sector generated approximately $5.5 trillion in revenue globally in 2024 and employs millions of workers each year?

As a result of its lucrative and vital nature, the banking industry (and financial sector as a whole) is constantly under attack. This was recently demonstrated by a significant security incident involving a major fintech company.

Understanding the Marquis Ransomware Attack

Marquis, a Texas-based marketing and compliance software and services provider, recently fell victim to a ransomware attack. The incident allowed hackers to steal data from hundreds of thousands of users across 74 banking and credit union customers.

For the uninitiated, a ransomware attack is where malicious software locks up a victim’s files or system, making it inaccessible unless a ransom is paid, usually in cryptocurrency or gift cards.

Detected initially on August 14, 2025, the ransomware attack started after cybercriminals exploited a vulnerability in the company’s SonicWall firewall system. This allowed the hackers to steal confidential data, including names, addresses, phone numbers, dates of birth, financial account info, taxpayer ID numbers, and Social Security numbers.

Security researchers speculate that the Akira ransomware group was behind the attack given its similar campaigns that targeted SonicWall devices back in August and September.

According to a filing by financial cooperative and credit union Community 1^st, Marquis paid the ransom demand to prevent the leak and abuse of stolen data.

Marquis claimed that there has been “no evidence of the misuse, or attempted misuse, of personal information” as a result of the incident. However, those affected by the attack were provided with free credit monitoring and identity protection services for one to two years.

In a data breach notification, the company also stated that it has “taken steps to reduce the risk of this type of incident.” It has also enhanced its security controls by ensuring all firewall devices are fully patched and updated, rotating passwords, and deleting old or used accounts, among other things.

What Can Organizations in the Banking Industry Learn from the Marquis Attack?

With over 70 banks and credit unions affected, the ransomware attack on Marquis illustrates how a single point of failure can create an extremely broad attack surface, a hallmark of supply chain attacks. This means that organizations can implement strong defenses and strict compliance yet still find themselves at risk of breaches and operational disruption.

That said, organizations in the banking sector can strengthen their defenses from such incidents by implementing the following lessons:

1. Fortify Your Vendor Risk Management

Don’t just choose a vendor based solely on surface factors like cost or convenience. Instead, thoroughly vet them.

For example, review their security certifications, patch management practices, and incident response capabilities. Ensure they also encrypt sensitive data in transit and at rest, enforce strict access controls, and comply with industry regulations. Finally, check if the vendor has been involved in past data breaches, how they reacted, and what they did afterward to improve their security controls.

By carefully choosing your third-party vendors, you ensure proper safeguards are in place, reduce the risk of service interruptions, and eliminate potential weaknesses that may affect your operations.

2. Implement a Multi-Layered Security Strategy

The Marquis security incident involved hackers exploiting a vulnerability within the SonicWall VPN. And while security patches were likely applied to fix this flaw, it’s likely that the cybercriminals had already stolen login credentials beforehand, rendering the security patches ineffective.

So instead of relying on a single safeguard, why not implement multiple protective measures? This way, if one fails, other solutions can still defend your system and data from breaches.

Your multi-layered defense solution should include the following:

Multifactor Authentication (MFA): MFA requires users to provide two or more proofs of identity, including access badges, authenticator app approval, or one-time codes. This ensures that cybercriminals cannot access an account even if they know the user’s password.

Geo-IP Filtering: This blocks login attempts from regions where your business doesn’t operate.

Account Lockouts: Prevent brute-force attacks by locking accounts after a certain number of failed logins.

Botnet IP Blocking: Blocks malicious IP ranges from connecting to your network, reducing the risk of automated attacks.

Zero Trust Network Access (ZTNA): ZTNA requires continuous authorization and authentication for every device and user. It also grants access to only the necessary tools an employee needs to do their job.

Also read: 6 Common Network Security Vulnerabilities Your Business Needs to Know

3. Improve Your Disaster Preparedness

While Marquis was the one that experienced a ransomware attack, its clients suffered the consequences when the attackers stole login credentials and accessed confidential data. This highlights the need for robust internal disaster response plans that cover vendor failure.

Ransomware Playbooks: A ransomware playbook is a documented plan for detecting, responding to, and recovering from an attack. Your playbook must include procedures for third-party vendor breaches, outlining communication, data restoration, and notification steps.

Tabletop Exercises: These are simulations of a ransomware scenario in a controlled environment to test out the playbook, identify incident response gaps, and improve overall readiness.

Offline Backups: These are copies of your files that are isolated from your networks and the internet, ensuring their integrity and protection from ransomware and other malware. This way, even if a vendor or your own systems are encrypted, your data can be easily restored without paying a ransom.

How Techmedics Can Help Secure Your Business from Supply Chain Attacks

As demonstrated by the Marquis ransomware attack, your business can become at risk at any time of credential compromise, unauthorized access to systems and data, and operational disruption.

Fortunately, Techmedics is here to help. We offer the following managed cybersecurity services that protect your organization from malicious activity and data breaches:

Remote and Onsite Device Management: Applying configuration management and implementing security tools to ensure devices remain secure and compliant with regulations.

Proactive System Updates and Patches: Detecting and addressing system flaws through scheduled maintenance and security patches before attackers can exploit them.

Endpoint Protection: Security patches aren’t enough to protect your systems. Our Endpoint Detection and Response tools detect and address threats across every device.

Security Awareness Training: Educating your staff on security best practices, such as enabling MFA, keeping software updated, and using strong passwords.

24/7 Monitoring: Constantly scanning for suspicious activity and performance issues and addressing problems promptly.

Techmedics delivers these services to businesses of all sizes and industries in Dallas, Los Angeles, Phoenix, and Denver. We even employ local engineers that understand regional business practices and industry regulations, allowing you to benefit from customized solutions and smoother communications.

A single vendor shouldn’t cause a single point of failure for your organization. Talk to us today to get a FREE consultation.

‍