US, EU removes several Russian banks from SWIFT payment gateway WASHINGTON: US banks are preparing for retaliatory cyberattacks after Western nations slapped a raft of stringent sanctions on Russia for invading Ukraine, cyber experts and executives said. Tensions between Russia and the West escalated on Saturday as the US and its allies moved to block some Russian banks from the SWIFT international payment system and placed curbs on the Russian central bank’s international reserves. Western governments have warned for weeks that the tensions could spark massive cyberattacks from Russia or its supporters. Some executives said the latest measures may be the trigger. “There will be some retaliatory measures taken by them, and I think in the least costly way that they can do it — that means some kind of cyberattack,” said Steven Schweitzer, a senior fixed income portfolio manager at the Swarthmore Group in New York. Global banks, already top targets for cyberattacks in peacetime, are increasing network monitoring, drilling for cyberattack scenarios, searching their networks for threats and lining up extra staff in case hostile activity surges, according to cybersecurity experts. Among the threats they are preparing for: Ransomware and malware attacks; denial-of-service attacks that take down websites; and data wiping and theft, possibly simultaneously. “Banks are incredibly prepared. They have taken out their playbooks and it is practice, practice, practice,” said Valerie Abend, who leads Accenture’s global financial services security group. The largest US banks, JPMorgan Chase & Co., Citigroup Inc., Bank of America Corp., Wells Fargo & Co., Morgan Stanley and Goldman Sachs Group Inc., either did not respond to requests for comment or declined to discuss their cybersecurity plans. As guardians of critical national financial infrastructure, global banks are subject to strict operational risk rules and have some of the highest cyber security standards in corporate America, according to cyber experts. The industry regularly plans for attacks and completed a massive, system-wide ransomware drill in November, according to the Securities Industry and Financial Markets Association, which led the exercise. Leading up to the invasion, there has been a more concerted industry effort to ensure banks’ incident responders are on high alert and that they had increased monitoring, Abend said. The New York Department of Financial Services and the US Cybersecurity and Infrastructure Security Agency have warned private companies to be vigilant for threats. “We wouldn’t be doing our due diligence if we weren’t preparing for that,” said Teresa Walsh, global head of intelligence at the Financial Services Information Sharing and Analysis Center, an international group of institutions that share cyber intelligence. “Right now, they’ve been warning in generalities — just be prepared. We are trying to put some more specificity to it,” Walsh added.