Financial industry plagued by ransomware attacks

Although the global number of ransomware attacks dropped by 36% to 317.6 million in 2023, the financial industry is still plagued by malicious software, which can significantly disrupt business operations and cause reputational and financial damage.

  • Tuesday, 7th May 2024 Posted 7 months ago in by Phil Alsop

According to data presented by Stocklytics.com, almost 65% of financial organizations worldwide reported experiencing a ransomware attack in 2023, significantly more than just two years ago.

The Number of Ransomware Attacks Doubled in Two Years

Although a lot has changed since the WannaCry ransomware attack in May 2017, with companies and organizations taking various security measures and boosting their cyber security budgets, ransomware remains one of the leading types of cyberattacks globally. Last year, ransomware made up nearly two-thirds of all reported cyber attacks, and most of them happened in the financial industry, one of the most targeted sectors.

The rise of new technologies, the emergence of ransomware marketplaces, and the easy availability of malware kits used to create new malware samples on demand have made the rate of ransomware attacks in the financial sector skyrocket in the past few years. Sophos's State of Ransomware in Financial Services 2023 survey showed just how significant that growth was.

Last year, nearly 65% of financial organizations reported experiencing ransomware, up from 55% in 2022 and almost double the 34% reported by the sector back in 2021. Although the industry experienced an increased attack rate, it was still below the cross-sector average of 66%.

Furthermore, financial services reported the highest encryption level in the last three years. In 2023, 81% of financial organizations stated their data were encrypted, way up from 54% reported a year before. Statistics also showed that only one in ten attacks were stopped before the data was encrypted, the second lowest rate across all sectors included in the survey.

40% of Attacked Organizations Paid a Ransom of $1 Million or More, 8x more than in 2022

Exploited vulnerabilities and compromised credentials were the two most common causes of ransomware attacks in the financial services sector in 2023, with 40% and 23% shares, respectively. Phishing ranked as the third most common cause, with a 33% share in total attacks.

The survey also showed that while ransom payments dropped, the average payment amount skyrocketed. In 2023, 43% of financial services organizations paid the ransom to recover their encrypted data, down from 52% a year before.

However, the share of organizations paying higher ransoms has increased, with almost 40% of paying one million dollars or more, or eight times more than in 2022. At the same time, the share of organizations that paid less than $100,000 remained unchanged, coming in at around 40%.

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 5 days ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 6 days ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 6 days ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.