Far from being on the decline, ransomware is a ‘rapidly evolving threat,’ with a rising number of attacks and new extortion tactics
In a 2020 report titled “The Rise and Rise of Ransomware,” Financial Services Information Sharing and Analysis Center (FS-ISAC) found that while financial institutions remain resilient to ransomware attacks, they are not immune. Ransomware is a rapidly evolving threat that financial institutions globally and in the APAC region need to be vigilant against. Last month, cybersecurity firm Checkpoint reported that India ranked second for ransomware threats in the world, and Sri Lanka ranked third. However, a study by US-based Temple University only found 28 reported cyber-attacks in Asia, indicating a large degree of underreporting.
The report notes that ransomware operators have publicly claimed successful attacks against eight financial institutions around the world in 2020, three of which are banks. Even large institutions with robust cyber defences are still vulnerable to attacks, especially through their third-party suppliers who are key targets. Ransomware operators have targeted third parties and suppliers used by firms in Asia, such as Software AG, who was the victim of CLOP ransomware in October.
Ransomware – No Longer a One-Trick Pony
Traditionally, ransomware attacks involved cybercriminals holding a system or data for ransom, with access restored once the ransom is paid. Today, ransomware attacks have diversified, incorporating new revenue streams such as:
- Extorting victims by threatening to publicly name them and publish sensitive data online
- Auctioning off victims’ data to other criminals on the dark web
- Ransomware-as-a-service, where less technical criminals can buy ransomware kits from more sophisticated threat actors
Top 5 Threat Actors
The report notes the top five ransomware ploys in the last 12 months:
- Ryuk: 45
- Maze: 14:
- WastedLocker: 4
- Troledesh: 3
- Sodinokibi: 3
Threat Intelligence is a Critical Tool in Fight Against Ransomware
Threat intelligence can help prevent an attack from happening in the first place through enabling institutions to construct pre-emptive defences to known attackers. It can also prove invaluable to an institution that has already fallen victim to ransomware; knowing the type of ransomware used in the attack can help the victim assess the attacker’s identity, motivations, and attack patterns, such as whether the attacker is known to offer a decryption tool after payment. This information can help firms decide on next steps in the event of a successful attack.
FS-ISAC is the industry’s trusted hub for cyber threat intelligence sharing, allowing members to both report and access threat intelligence on the latest ransomware actors – as well as the whole range of cyber threats facing the sector.
Teresa Walsh, Global Head of Intelligence at FS-ISAC, said, “Ransomware is a particularly nefarious cyber threat that has the potential to cause large material losses to victims, which can include financial institutions. In the APAC region, ransomware represents a rising number of attacks, though they often go unreported. Threat intelligence is crucial in anticipating and preventing attacks and can also help firms mitigate the fallout from a successful attack.”
For the full report, and to learn how to better prepare for ransomware attacks visit: here.
FS-ISAC also invites members of the financial sector to attend the 2020 Asia Pacific Summit (virtual), starting 1 December 2020, featuring a mix of live and on-demand sessions covering relevant topics around:
- Fraud
- Governance, Risk Management and Compliance
- Digital Currencies
- Advanced Technologies and Techniques
- Cloud/Virtual environments