Financial Services and the Evolving Ransomware Threat

There’s no doubt about it, ransomware attackers are increasingly targeting organizations in the financial services sector. As reported by Berkley Financial Specialists, financial institutions reported 635 ransomware-related events in the first half of 2021. That’s a 30% increase over the same from the previous year. 

Along those same lines, exchanges and other financial institutions made over $590 million in payments tied to ransomware attacks for H1 2021. That’s more than the $416 million they spent across all of 2020, noted Berkley Financial Specialists.

Why RansomOps Attackers Target Financial Services

Attackers’ continued interest in targeting financial institutions aligns with larger trends that are shaping the ransomware threat landscape. Chief among those developments is the rising sophistication of complex ransomware operations–or RansomOps™–which involve highly targeted, complex attack sequences by sophisticated threat actors. 

Unlike early iterations of ransomware attacks that relied on "spray-and-pray" tactics to infect large numbers of victims while seeking relatively small ransom demands, RansomOps attacks are much more sophisticated and akin to the stealthy operations conducted by nation-state threat actors. RansomOps are typically "low and slow" attacks that seek to remain clandestine and spread through as much of the target network as possible before the ransomware payload is delivered to encrypt data and a ransom demand is issued.

The increased sophistication is also evident in that some ransomware gangs have begun using multiple means of extortion to pressure their victims. Common data types targeted for use in double extortion schemes include Protected Health Information (PHI), Personally Identifiable Information (PII), Account Credentials, Intellectual Property (IP) and more.

That said, there is something special about financial services data–If there wasn’t, then financial services firms wouldn’t be 300% more likely to suffer a digital attack than organizations in other sectors. ACA Global attributed at least part of this unique focus to the types of data handled by financial services organizations. That information includes clients’ personal and financial details, trading models, business strategies, and portfolio positions.

Financial Services Anti-Ransomware Challenges

Many organizations in the financial services sector struggle in their fight against ransomware due to a lack of cybersecurity awareness among board members. McKinsey noted that three quarters of firms were already or planning to integrate cybersecurity and operational resilience in their reports to the board, but the type and number of metrics used in those reports varied widely depending on the organization. They didn’t always connect security and business priorities in a meaningful way, so they didn’t always have their intended value.

A global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that 73% of financial services organizations indicated their company had suffered significant revenue losses following a successful ransomware attack, and 23% said the attacks resulted in staff layoffs.

Not only that, but financial organizations don’t always have the solutions they need to defend against digital threats like ransomware. In March 2021, for instance, WeLiveSecurity reported on a survey where 28% of businesses revealed they weren’t actively investing in new solutions to safeguard their finances or were unsure if they were making those types of investments.

Financial Services Ransomware Strategies

Financial services organizations can overcome the challenges discussed above by changing their approach to obtaining executive buy-in for security efforts that could help to defend against ransomware. Security awareness training of all employees and regular conversations with the board can both help in this regard.

Once they have the necessary support, organizations need to deploy the right solution to defend their systems and data against ransomware. In the Cybereason study cited above, 49% of participants said the ransomware attack against their organization was successful because they did not have the right security solutions in place: just 67% of organizations had a next-gen antivirus (NGAV) solution deployed at the time of the attack, 46% had a traditional signature-based antivirus (AV) in place, and only 36% had an Endpoint Detection and Response (EDR) solution in place. To better prepare for ransomware attacks, 68% said they are planning to add new technologies.

The Cybereason Predictive Ransomware Protection solution is capable of detecting the earliest signs of a ransomware operation and conducting automated prevention within milliseconds. With the ability to block obfuscated ransomware--plus the addition of artificial intelligence on every endpoint, encryption prevention, rollback capability, and visibility from the kernel to the cloud--the Cybereason Predictive Ransomware Protection represents the most capable ransomware defense available on the market.

This is why Cybereason is the only security provider that remains undefeated in the fight against ransomware, protecting every customer from threats like the DarkSide Ransomware that shut down Colonial Pipeline, the REvil Ransomware that disrupted meatpacking giant JBS and IT services provider Kaseya, the LockBit Ransomware that struck Accenture, and every other ransomware family.

Cybereason is dedicated to teaming with Defenders to end ransomware attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about the Cybereason Predictive Ransomware Protection solution, browse our ransomware defense resources, or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed