Addressing the Growing Ransomware Problem

Ransomware has become the leading cyber threat to businesses today—and it is growing at an alarming rate. Threat actors, who often work in groups, continue to evolve and create different ransomware strains. They rebrand themselves and resurface under new identities, making it difficult to curtail their criminal activities. Ransomware has continued its upward trend with an almost 13% rise—an increase as big as the last five years combined, according to the 2022 Verizon “2022 Data Breach Investigations Report.” And the FBI’s Internet Crime Complaint Center Annual Report stated recorded 3,729 ransomware complaints in 2021 with adjusted losses of more than $49.2 million.

The pervasive nature of the ransomware problem affects all types of companies, sectors, and industries worldwide. Approximately 37 percent of global organizations were targeted by a ransomware attack in 2021, based on the IDC’s “2021 Ransomware Study.” And in February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) reported that fourteen of the 16 US critical infrastructure sectors had ransomware incidents.

The Impact

Ransomware is malicious software or malware that locks victims out of their computing devices or blocks access to files until they pay a ransom. More sophisticated versions can encrypt files and folders on attached drives and even networked computers, raising the stakes even higher. (In all cases, the FBI does not support paying a ransom in response to a ransomware attack.)

Typically, ransomware gets installed on a workstation using a social engineering technique such as phishing. It tricks people into clicking on a link or opening an attachment and disclosing their login information or even financial data. Regardless of the threat vector used, a ransomware infection can wreak havoc on victims, causing extensive business interruptions, legal expenses, and reputational damage. According to IBM’s Cost of a Data Breach 2022 report, the average cost of a ransomware breach, not including the ransom payment, declined slightly, from USD 4.62 million to USD 4.54 million. However, the frequency of ransomware breaches has increased — from 7.8% of breaches in the 2021 report to 11% in the 2022 study. In certain industries, an attack may be considered a data breach and involve even more negative consequences. For instance, financial institutions and other critical infrastructure agencies may be required to pay fines for an attack due to their failure to protect clients’ data.

Cybercriminals are shifting away from ransomware attacks that merely demand a payment to unlock the victim’s data or device. They are focusing on more multidimensional extortion methods to extract a larger reward. IBM Security’s 2022 “X-Force Threat Intelligence Index” report indicates that virtually all ransomware assaults today are “double extortion” attacks that demand a ransom to unlock data and prevent its theft. Some attackers opt to exfiltrate sensitive data, so they can present additional ransom demands in the future. They may also sell personal data—credit card numbers, email addresses, online credentials, or bank account information—to make the fraud even more lucrative.

Best Practices

Security is a complicated issue, which makes staying on top of threats and vulnerabilities challenging. Financial institutions must complete a myriad of time-consuming and complex tasks to maintain a strong security posture. Addressing ransomware can be particularly difficult for community banking institutions with limited internal technical expertise and resources. And there is only so much an institution can do to stay vigilant against ransomware threats.

However, institutions can reduce their risk by implementing some key security strategies such as:

• Having a well-trained staff because most ransomware intrusions are caused by human error.
• Having overlapping security products and or services to cover the protection of systems and networks.
• Having well-designed network infrastructure with security in mind.
• Having a proper incident response plan that can be adhered to in the event of a breach.

Using a Managed Service Provider

Financial institutions that put mitigating systems, processes, and practices in place will be better positioned to prevent, detect, and recover from a ransomware breach. However, many smaller institutions may lack the resources and knowledge in-house to close security gaps and circumvent attacks. They can remedy the situation by employing the products and services of a managed service provider to strengthen their security posture.

Safe Systems provides a wide range of layered security solutions to help institutions address the risk of ransomware. Our security offerings include behavior-based vulnerability monitoring, advanced endpoint protection, vulnerable systems patching, next-generation firewalls, email software security, and staff training. These products and services deliver essential overlapping protection, and they are specially designed to meet the needs of community banks and credit unions.

Also, stay tuned for our upcoming white paper that will provide more data on the current state of ransomware and how banking institutions can better minimize the risks of an attack.