The State of Ransomware Attacks in the Finance Industry 

An Overview

The financial services industry has started many digital transformation projects to satisfy the needs of today's digitally focused customers. The new digital ecosystem uses microservices-based financial apps, mobile banking, cloud computing, and AI. These activities increase cybersecurity risks, and the risks are made worse by the nature of financial services and the potential for a ransomware attack in the fintech industry. Global trade is especially vulnerable to these malicious attacks, and the fintech industry has been hit hard by ransomware because of its high reliance on global trade.

Global Trade Leaders have been working to develop strategies to prevent and mitigate the impact of these attacks. These strategies include improved cyber security measures, better data security systems, and better communication protocols for data sharing.

Ransomware is such a big problem in the financial services industry because hackers know that financial service providers have a strong incentive to pay the ransoms they ask for. This article discusses ransomware attacks on the fintech industry and the wider financial world, including recent cases, statistics, and ways to prevent them.

The Financial Services' Ransomware Statistics

When asked to name the biggest threat to their companies and the financial system as a whole, the CEOs of Wall Street's six largest banks most frequently responded "cybersecurity." A "cyber run"—a serious and contagious bank run that starts with a cyber attack on a large bank's deposits—is discussed in a fascinating 2019 paper.

Even though a ransomware attack may not cause that much damage to the financial system, the numbers show how big a threat it is for each company.

During Covid-19, financial sector double-extortion ransomware attacks increased 350%.

90% of financial institutions reported ransomware attacks in 2019.

What are the Recent Ransomware Cyberattacks on Financial Institutions?

Several financial services firms have recently been targeted by ransomware. Curo Fund Services, the largest provider of investment administration services in South Africa, was hit by a ransomware attack early in January 2022. The company's IT systems were inaccessible for nearly a week. The attack hurt the company's operations even though no customer information was allegedly accessed.

Bank Indonesia reported ransomware infections on over a dozen computers in January 2022. The attack had no effect on the bank's operations, and only "non-critical data" was stolen. After the bank's public statement, the ransomware group Conti said it had 14 GB of data that it would release on the dark web if the bank didn't pay.

A sophisticated ransomware attack hit CNA Financial, a major commercial insurer in the US, in March 2020. The attack stole data and blocked key systems. Systems were shut down to stop further damage, and for three days the IT outage made doing business hard for CNA Financial.

By first stealing data and then encrypting important systems, the attackers made it more likely that they would be paid. When the news broke that CNA Financial had paid a huge $40 million ransom, it was clear that Phoenix, the group that carried out the attack, had got what it wanted.

A major ransomware attack on AXA, a large insurance company, disrupted IT in Thailand, Malaysia, Hong Kong, and the Philippines. The Avaddon ransomware group stole 3 terabytes of sensitive information during the attack, including passports, customer claims, illness reports, denied reimbursements, and payments to customers. Ironically, this attack occurred after AXA announced it would no longer pay ransom for cyber insurance policies in France.

Avaddon usually enters a network through phishing emails: the person who opens the email runs malicious code on their computer. After US and Australian pressure, the ransomware-as-a-service group Avaddon disbanded in June 2021.

Shirbit is an Israeli insurance company that specializes in home, car, and travel insurance. A group called Black Shadow breached the company's network in December 2020 and started leaking stolen information online. The leaks were made public through tweets, and a ransom of $1 million was demanded to stop them.

Shirbit stated at the time that all company systems and data were backed up. The same statement implied the attacker didn't obtain any sensitive information about policyholders. 

Local Canadian news sources said that in May 2020, a ransomware attack hit a small accounting firm called Naz Sukhram. Hackers stole 5 gigabytes of private company data, including customers' and employees' information. Two interesting things make this small event newsworthy:

A newly discovered group called Grief was the source of the threat. The gang doesn't plan to negotiate with victims for a long time, according to a Grief member who asked to remain anonymous. Grief demands that people pay up or have their stolen information made public quickly. As long as ransomware is a lucrative way to attack computers, more groups will use it.

What is the Ransomware elimination strategy to reduce risks?

The four ways to stop ransomware risks listed below can give financial services companies a good place to start reducing their individual risks. These methods reduce financial sector ransomware systemic risks.

1. Stop ransomware from happening in the first place

Your prevention plan should include both tools and people. Building a security-first culture and ongoing training are important ways to make sure employees stay alert and reduce human error.

As ransomware attacks become smarter, it gets harder to spot phishing emails and other attempts to trick people. Advanced tools, such as email security solutions that identify suspicious emails, can stop hackers from entering your network in the first place.

2. Detect and respond promptly

Financial companies should have solutions in place that give them a clear view of their networks so they can quickly find malware that is spreading. Solutions powered by AI and based on how people behave can be useful.

Acting quickly is also important. Security teams should investigate real threats and set up incident response workflows to minimize damage and to protect sensitive data and key financial services.
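As an added illustration of behaviour-based detection (not code from this article or from any product), the Python sketch below flags a host that rewrites many files in a short burst and checks whether a bulk outbound transfer came first, which is the steal-then-encrypt order described in the CNA Financial case above. The log format, host names, and thresholds are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them against your own baseline.
EGRESS_BYTES = 1_000_000_000            # outbound bytes per host that count as bulk transfer
EGRESS_LOOKBACK = timedelta(hours=24)   # how far back to look for that transfer
BURST_FILES = 50                        # this many file rewrites ...
BURST_WINDOW = timedelta(seconds=60)    # ... within this window count as a burst

def parse(line):
    """Line format (hypothetical): '<ISO time> <host> <egress|file_write> <bytes|path>'."""
    ts, host, kind, value = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, kind, value

def detect(lines):
    """Return {host: verdict} for every host that shows a mass file-rewrite burst."""
    egress = defaultdict(list)     # host -> [(time, bytes sent externally)]
    writes = defaultdict(deque)    # host -> timestamps of recent file writes
    verdicts = {}
    for ts, host, kind, value in sorted(parse(l) for l in lines if l.strip()):
        if kind == "egress":
            egress[host].append((ts, int(value)))
        elif kind == "file_write" and host not in verdicts:
            recent = writes[host]
            recent.append(ts)
            while ts - recent[0] > BURST_WINDOW:   # slide the window forward
                recent.popleft()
            if len(recent) >= BURST_FILES:
                sent = sum(b for t, b in egress[host] if ts - t <= EGRESS_LOOKBACK)
                verdicts[host] = ("exfiltration-then-encryption"
                                  if sent >= EGRESS_BYTES else "encryption-only")
    return verdicts

def build_sample():
    """Constructed events for three made-up hosts; not real telemetry."""
    t0 = datetime(2022, 1, 10, 2, 0, 0)
    def burst(host, start):        # 60 file rewrites in 30 seconds
        return [f"{(start + timedelta(seconds=i // 2)).isoformat()} {host} "
                f"file_write /share/claims/{i}.xlsx" for i in range(60)]
    lines = [f"{t0.isoformat()} fs-01 egress 3000000000"]      # 3 GB upload ...
    lines += burst("fs-01", t0 + timedelta(minutes=40))        # ... then a burst
    lines += burst("fs-02", t0 + timedelta(hours=1))           # burst, no upload
    lines += [f"{t0.isoformat()} ws-07 egress 2000000000"]     # upload, no burst
    lines += [f"{(t0 + timedelta(minutes=m)).isoformat()} ws-07 "
              f"file_write /home/u/notes{m}.txt" for m in range(5)]
    return lines

if __name__ == "__main__":
    print(detect(build_sample()))
```

The verdict matters for the response workflow: an encryption-only host is mainly a recovery problem, while a host with a preceding bulk transfer also needs to be handled as a data breach.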

3. Backup

Whether a financial services company is targeted by an encryption-only ransomware attack or a double-extortion attack, a solid backup plan is always beneficial. Backups can prevent important customer-facing services from going down for too long in the worst case scenario, where sensitive data is stolen before systems are encrypted. A disaster recovery plan is similar to a backup plan, but it details how to quickly get broken systems or assets back to working order.

4. Improve operational stability

Operational resilience means designing and protecting your network so you can continue to provide mission-critical financial services to customers after a ransomware attack. Resilience is harder to achieve than ransomware recovery, but it's important to try.

New rules coming into effect in the UK require financial service providers to demonstrate cyber resilience. The US Federal Reserve published a paper on ways to make operations more resilient in October 2020. Practices emphasize things like good governance, managing risks, analyzing potential outcomes, and ensuring business continuity.

Conclusion

Ransomware attacks on businesses dealing in money won't stop. CNA Financial paid ten times the Colonial Pipeline attack ransom.

Threat actors monitor financial institutions around the world. Some will always think big and try to undermine or bring down the financial system. A good ransomware mitigation strategy can reduce the amount of risk in the financial sector. Global Trade Leaders are leading the way in the fintech industry, but must remain vigilant against ransomware attack threats.