The Rise and Rise of Ransomware

An Irresistible Business Model

Once thought to be on the decline, successful ransomware attacks against all types of companies and organisations have dotted the headlines in the last two years. In 2019, the FBI’s Internet Crime Complaint Center (IC3) received more than 2000 ransomware complaints, accounting for US$8.9 million in losses. We expect these numbers to grow, as the attack strategy now has multiple revenue streams.

Criminals used to simply hold systems or data for ransom; if you paid the money, access would be granted. However, multiple threat actors are now using a new extortion tactic: publicly naming victims and publishing their data online, which can impact firms in terms of both reputation and compliance. A third monetization strategy is auctioning compromised data off to the highest bidder on the dark web.

While the financial sector has proven resilient to these types of attacks – thanks to our strong cybersecurity culture and habits – we are not immune to this rapidly evolving threat.

In the last four months, ransomware operators have publicly claimed successful attacks against eight financial institutions, including three banks, around the world (not all have been confirmed with the firms). Large institutions with robust cybersecurity programs may be able to prevent ransomware attacks on their own networks, but they can still be impacted by third party suppliers. The Sodinokibi attack against foreign currency firm Travelex on New Year’s Eve knocked online travel money services at several banks offline. A fintech company which services some of the world’s biggest banks was hit in March by Ryuk, causing the company to pull infected servers offline. While these examples display an impact to business continuity, the supply chain vector also is a significant concern to financial institutions’ security teams. Attacks delivered via third parties have proven to be highly effective in circumventing cybersecurity defenses.

Smaller institutions with less sophisticated defenses are even more vulnerable to direct attacks; not just from highly sophisticated criminal groups but also from novice criminals who buy ready-made attack products or kits from the more technical actors using a ransomware-as-a-service (RaaS) model.

Download the report to find more.