The three main ransomware threats facing financial services companies today

Information stored by financial services firms is arguably amongst the most valuable data held by any organisation. As well as the regulatory implications, FS businesses also face irreparable reputational damage in the event of a data security breach in an industry operating on trust. Hybrid and home working, as well as an influx of pandemic-related scams, have heightened the risk to financial institutions of all shapes and sizes. According to estimates from our cybersecurity partners Veeam, one business falls victim to ransomware every 11 seconds. 

If you haven’t been taking ransomware seriously, you should. Here’s what it is, the three most common forms to watch out for, and where to go for resilience strategies. 

What is ransomware? 

Ransomware is a form of malware that, on entry, encrypts files in a system. Financial services firms are a popular target because of the perceived value of the data they hold. Phishing emails are a common entry point: a recipient who is taken in unknowingly gives cybercriminals access to company systems and networks.

After encrypting files, the attackers will usually attempt to extort money from the organisation to restore access. Backups may save the day for some businesses, but increasingly sophisticated ransomware attacks seek out production and backup files – leaving the organisation no choice but to give in to the criminals’ demands. 

The three types most commonly seen in financial services 

There are various ransomware models employed by cybercriminals, but financial institutions tend to see just three types:

1. Ryuk 

First discovered in 2018, Ryuk created a splash when it was used to disrupt the operations of a major American newspaper. Before the organisation’s IT team finally quarantined it, Ryuk reinfected and spread onto connected network systems because security patches didn’t return when the team rebooted servers.

2. Phobos 

Phobos ransomware, which first appeared in early 2019, is an evolution of Dharma (also known as CrySIS). It’s distributed via hacked Remote Desktop (RDP) connections, and hacked RDP servers are cheap to obtain on the black market.

3. Sodinokibi

First identified in spring 2019, Sodinokibi is a Ransomware as a Service (RaaS) model that is used almost as much as Ryuk. Since it appeared, detections have increased by 820%, according to Veeam. 

Take steps to protect your business 

Ransomware is not a question of if, but when. Some 93% of organisations are attacked every year, costing an average of £74,000 to recover. To help, we’ve teamed up with cybersecurity experts Veeam to offer market-leading ransomware protection for regulated businesses. 

Read the full report to uncover the three resilience strategies needed to win the battle against ransomware attacks.