Ransomware Attacks Pose Serious Threat
As the cybersecurity landscape continues to worsen across the globe, of particular concern is the alarming rise in ransomware breaches, especially within the financial services sector. According to the Financial Crimes Enforcement Network, cyberattacks, and ransomware specifically, are the most significant threats to U.S. financial institutions.
With more pervasive and sophisticated methods, ransomware attacks continue to create a new level of threat for the industry. Last year, 55 percent of financial organizations fell victim, up from 34 percent the previous year – a 62 percent increase.*
Research by Trend Micro Inc. found that the banking industry has been disproportionately affected by ransomware, experiencing a 1,318 percent year-on-year increase in attacks in the first half of 2021.
What Exactly Is Ransomware?
Ransomware is a type of malicious software (malware) designed to block access to a computer system or data. It often encrypts the data and locks the system’s screen or user’s files, then spreads to shared storage drives and other accessible systems.
Cyber attackers hold the system or data “hostage” until a ransom is paid. Usually, the ransom is a substantial amount of money or cryptocurrency.
If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. An emerging tactic is for the cybercriminals to steal sensitive data and threaten to publicly disclose it or sell it if the ransom isn’t paid, creating a double extortion scheme.
Mitigating the Risks
Early detection of a cyberattack is always important, but it is even more crucial with ransomware. Recognizing and eliminating the attack before the data is encrypted is vital, because once you see the ransom demand message, the damage has already been done.
Whatever the size of your business, it’s critical to invest in anti-malware solutions that monitor your network for any malicious activity. The techniques these solutions use include signature-based detection, behavior-based detection, and detection of abnormal traffic.
Also, educate employees on how to detect ransomware and what action to take if they notice a suspicious email or link. Most ransomware attackers leverage human error to compromise systems.
While early detection is crucial, organizations must also implement effective ransomware recovery measures in case of an attack. So, it’s important to have a comprehensive data backup strategy. Data backups can restore the data to normal, as well as remove the infection, which eliminates the question of having to pay the ransom.
Should You Pay?
The FBI and the Department of Homeland Security recommend that companies avoid paying ransoms, because doing so encourages more attacks.
The decision of whether to pay the ransom should be made carefully at the organization’s highest level. And understanding what happens if you pay is key to making that decision.
Theoretically, if you pay the ransom, the attackers will provide a decryption tool and withdraw the threat to publish stolen data. But payment is no guarantee that all data will be restored. Gartner, Inc. notes the following realities of ransomware that must be considered:
On average only 65 percent of the data is recovered, and only 8 percent of organizations recover all their data.**
Encrypted files are often unrecoverable. Attacker-provided decrypters may crash or fail. You may need to build a new decryption tool by extracting keys from the tool the attacker provides.
Recovering data can take several weeks, particularly if a large amount of it has been encrypted.
There is no guarantee that the hackers will delete the stolen data. They could sell or disclose the information later if it has value.
Before negotiating with attackers, it’s important to engage a professional incident response team and consult law enforcement and regulatory bodies.
However, the best alternative to the pay-or-don’t-pay dilemma is to have a business continuity plan in place and to proactively defend your financial institution against ransomware attacks.
*source: The State of Ransomware in Financial Services 2022, Sophos report
**source: The State of Ransomware 2021, Sophos report