The financial industry has been facing a surge in ransomware attacks over the past few years, said cybersecurity provider SOCRadar in a threat analysis post published on July 12, 2023.
This trend started in the first half of 2021, when Trend Micro saw a staggering 1318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020.
Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.
Although such large numbers have not yet been observed for the past two years, the increase continues, SOCRadar said.
The data gathered by the outsourced security operation center (SOC) provider showed that the financial industry was the seventh most targeted sector by ransomware actors in the first half of 2023. The industry has already suffered more attacks in six months than in 2022.
“However, not only is the frequency of attacks increasing. The sophistication and scope of ransomware attacks targeting banks have grown alarmingly in recent years,” SOCRadar added.
Clop, LockBit and ALPHV/BlackCat
Earlier versions of ransomware simply encrypted files quickly, but modern strains are stealthier and much faster. They gain network access, search for critical data, steal it and then encrypt it, maximizing the impact before security measures detect it.
Also, because financial organizations possess vast amounts of sensitive data, including information about customers, partners and authentication data, they are ideal targets for double-extortion attacks, where cyber-criminals first steal data and then encrypt critical systems.
Clop has been the most active ransomware group targeting banks and financial services, with the GoAnywhere attack in February 2023 impacting banks and over 10 financial institutions being named among the victims of the MOVEit attack, including Deutsche Bank, ING Bank and Post Bank.
Read more: Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group
LockBit 3.0 and ALPHV/BlackCat have also been actively attacking banks and financial institutions, SOCRadar observed.
In November 2022, the EU passed the Digital Operational Resilience Act (DORA) to enhance the financial sector’s resilience.
DORA’s technical standards will be released in early 2024 and the law will be applicable in EU member states from January 17, 2025.