Ransomware in the financial sector: new threats

The main delivery method for ransomware is through phishing emails. Source: Lightspring via Shutterstock.

Ransomware is a type of malware designed to block access to a computer system until a large sum of money is paid and has emerged as a serious threat in various sectors.

Given its key role in the global economy and processing huge amounts of sensitive data, the financial services industry has become a particularly attractive target for ransomware attacks.

Ransomware attacks have become more sophisticated over time, with cybercriminals using advanced techniques to carry them out. They added measures such as preemptive early data exfiltration to pressure victims to pay the ransom.

Common ransomware attack vectors

Cybercriminals typically demand ransom in a ransomware attack by encrypting a victim’s computer system or data and then demanding a ransom payment in exchange for providing a method to decrypt it. They may also copy the victim’s data during the attack and threaten to sell or publish it if the ransom is not paid.

Ransomware attacks have evolved to include additional tactics such as proactive early data exfiltration, where cybercriminals steal data before encrypting it and then exploit it.

The main delivery method for ransomware is through phishing emails. Their goal is to trick users into performing actions without them realizing their malicious intent. Phishing emails can typically be sent to multiple recipients at once, making them a profitable method for cybercriminals to target a wide range of people and organizations. This increases the risk of someone falling victim to a phishing attempt. Cybercriminals take advantage of the lack of awareness among target users to increase the effectiveness of their attacks.

Access the most comprehensive company profiles on the market, powered by GlobalData. Save hours of research. Gain a competitive advantage.

Company Profile – free sample

Thank you!

You will receive a download email shortly

We are sure of the exceptional quality of our company profiles. However, we want you to make the most beneficial decision for your business, which is why we offer a free sample, which you can download by submitting the form below

By GlobalData

Check here to unsubscribe from receiving selected industry news, reports and event updates from Verdict.

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information about your rights in relation to your personal data and how you can unsubscribe from future subscriptions marketing messages. Our services are intended for corporate subscribers and you warrant that the email address you submit is your corporate email address.

Cybercriminals are constantly evolving their phishing tactics to stay ahead of security measures. They adapt their techniques, use new social engineering tactics, and create more convincing email templates to bypass security filters and deceive recipients.

An increase in the number of attacks in recent years

The number of ransomware attacks is increasing. According to the GlobalDatas 2024 Cybersecurity report, one in 10 organizations worldwide was targeted by ransomware attacks in 2023, an increase of 33% compared to the previous year. Organizations around the world each experienced an average of over 60,000 attacks, underscoring the scale of the problem.

In late March 2021, CNA Financial, one of the largest commercial and casualty insurance companies in the US, was hit by a ransomware attack by the Phoenix group. The attackers used Phoenix Cryptolocker ransomware to disrupt CNA’s network, demanding a ransom of $40 million. CNA paid the ransom within two weeks after attackers stole customer data and encrypted the network. In response, CNA implemented endpoint detection and monitoring tools to assist in the recovery process.

Impact on financial institutions

Ransomware attacks can have a devastating impact on financial institutions. Operational disruptions are immediate, critical systems are disabled, and employees are unable to perform essential functions. For example, during an attack, customer transactions and accounts may be suspended and access to financial data may be lost, severely impacting daily operations and undermining customer trust.

The financial loss is significant and goes beyond the ransom payment itself. Institutions incur costs associated with data recovery and restoration, legal fees and potential regulatory fines. There are indirect costs such as lost business opportunities and reduced market reputation. Reputational damage can be long-lasting as customers may lose confidence in an institution’s ability to protect their assets and personal information.