If there's been one cybersecurity trend that demanded our attention in 2016 it was ransomware attacks. Looking at statistics from the US government, instances of ransomware attacks increased by 300% percent between 2015 and 2016. According to the government's sources, the average number of daily attacks jumped from 1,000 per day in 2015 to 4,000 per day in 2016.
This dramatic increase in activity is something that's not only piqued the interests of cybersecurity experts but the mainstream media too. With WannaCry and Petya/NotPetya wreaking havoc across the globe, everyone is now on high alert, including financial firms.
A Network of Virtual Hostages
So what exactly is ransomware and what is its purpose? Put simply, ransomware is a form of malware that infects a user's system and demands a payment (i.e. a ransom) before it will unlock the files its holding hostage. Depending on the severity of the attack, ransom demands can range anywhere from a few hundred to a few hundred thousand dollars.
According to cyber security experts, ransomware is distributed in eight main ways, including phishing emails, social media and infected programs. Once locked into a system, the malware can remain dormant until the device is activated, at which point it will move through seven stages. After scanning a system for files it can encrypt, the malware "performs a key exchange" with the Command and Control Server. At this point, the encryption key is used to scramble all files identified as vulnerable during the initial scan.
Assuming the victim pays, the software will discharge the files and delete itself, as was the case when WannaCry hit in May 2017. Thousands of users paid the $300 release fee and experts calculated that more than 230,000 computer had been infected. Although much of the media's coverage of WannaCry focused on its impact on health services, banks and financial institutions were also a major target. In fact, the US Federal Financial Institutions Examination Council (FFIEC) warned banks about ransomware attacks back in 2015.
Financial Institutions Have Long Been a Target
Putting out a statement on the issue, the FFIEC told financial institutions to be wary of the "increasing frequency and severity" of ransomware attacks. It went on to support this warning in 2016 by releasing data that showed ransomware attacks on businesses increased three-fold with an incident occurring every 40 seconds. Despite the mainstream prominence of WannaCry, it's clear the issue of ransomware has been a threat to the financial industry for some time.
In fact, when the hype surrounding WannaCry subsided, this message was brought to the fore again by another piece of malware known as Petya. First striking down Ukraine's central bank before spreading across Europe, the malicious software charted a similar course to WannaCry but was seemingly tougher to stop. At one point, analysts confirmed Petya was almost identical to WannaCry but "without the kill switch" which raises the question: What's next?
With ransomware proving hugely popular and profitable for cybercriminals, it seems to be only a matter of time before another major attack happens. Each new attack seems to be more complex and tougher to stop and that should be the worrying thing for financial institutions that don't adhere to correct security protocols. Many of the infected systems are either lacking security software or running outdated, unpatched software.
Although businesses can never be 100% secure, applying the latest patches, updates and security software is the most effective way to mitigate risk. Indeed, as ransomware continues to gain traction as a movement, now is the time for financial institutions to be more vigilant than ever.
Join the Conversation