Ransomware attacks on financial services increased by 62%


RANSOMWARE attacks on financial services have increased by 62% in the organisations surveyed in the global financial services sector. Sixty-four percent reported an increase in attack complexity and 55% reported an increase in the impact of attacks, according to a Sophos survey.

The State of Ransomware in Financial Services 2022 report is based on its annual study of IT professionals, of which 444 respondents came from the financial services sector, working in mid-sized companies across 31 countries.

The survey stated that this demonstrated that adversaries have become considerably more capable of executing attacks at scale. However, despite the jump in the financial services ransomware attack rate, the sector reported the lowest rate across all sectors surveyed.

The financial services sector’s high success rate in stopping the encryption of data likely indicates strong layered defences in this sector. It may also be influenced by the increased take-up of cyber insurance in financial services, which often demands higher cyber defences as a condition of coverage.

The surge in ransomware attacks is part of an increasingly challenging broader threat environment that has affected organisations across all sectors. 

Over the last year, cyberattacks have increased in volume, complexity and impact, which in turn increases the challenge for IT teams.

Financial services experienced an above-average increase in the complexity of attacks. In response to this sector’s strong ability to stop attacks, adversaries are forced to increase the sophistication of their approaches.

The report also stated that organisations have to get better at dealing with the aftermath of an attack, as 99% of the financial services organisations that were hit by ransomware and had data encrypted in the last year got some encrypted data back by using backups to restore data.

It stated that the sector should invest in both taking backups and practising recovery from them as a matter of priority.

Some 52% of respondents in financial services reported that they paid the ransom to restore data, which is higher than the global average of 46% and likely reflects the lower rate of backup use, while 24% used other means to restore encrypted data.

The report added that the average amount of data recovered after paying the ransom dropped over the last year to 61%, compared to 65% in 2020. Financial services respondents who paid the ransom recovered 63% of their data on average in 2021.

This is slightly above the global average of 61%, and the amount of data restored by financial services has remained constant at 63% across 2020 and 2021.

Encouragingly, there has been a considerable increase over the last year in the percentage of financial services organisations that get their encrypted data back, up from 4% in 2020 to 10% in 2021. For comparison, the global average in 2021 was just 4%.

This suggests that financial services have an above-average ability to restore encrypted data once the cybercriminals provide the decryption key. 

That being said, it’s important to note that nine in 10 financial services organisations that paid the ransom did not get all their data back. The key takeaway here is that paying the ransom will only restore a part of your encrypted data and you cannot count on the ransom payment to get you all your data back.