Ransomware threats - are we ready to respond?

In the 2023 Digital Trust Insights survey, which had more than 3,000 respondents across 65 territories, 45% of respondents with a tech role selected ransomware as an increased threat in 2023 compared to 2022. This is consistent with other threat intelligence reports that have been tracking cybercrime trends over the years.

Ransomware, which is a type of malware that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off, can be a very profitable attack vector from a cybercriminal’s perspective. Orange Cyberdefense, which has been tracking data leak sites in the dark web run by ransomware groups since January 2020, have noted that the group LockBit has dominated the ransomware criminal ecosystem in 2022, accounting for almost half of all victims (more than 800 victim organizations from about 60 different countries). Another group called BlackCat (ALPHAV) has hit closer to home, and allegedly stole up to 1TB of sensitive data from the Central Bank of Gambia which included sensitive financial documents and internal information.

In addition to attacks from organized cybercriminal groups, cybercriminals without the necessary skills to launch sophisticated ransomware attacks can subscribe to Ransomware-as-a-Service (RaaS) services and pay for customized malware to launch a successful attack. Alternatively, cybercriminals who manage to infiltrate an organization’s network can act as access brokers and sell this access to cybercriminal groups. This widens the threat landscape for organizations, but especially organizations within the Financial Services sector which continues to be a priority for cybercriminals.

TAs financial service providers continue to digitally transform and offer more innovative digital solutions such as biometric verification and registration, digital wallets, and mobile finance management tools, the risk of ransomware attacks cannot be understated and requires specific strategies as a response. Some of these strategies include patch management, vulnerability management, improving incident detection and response capabilities, business continuity planning, network segmentation and third-party risk management.

However, in the event that an organization does experience a ransomware attack, the following steps have proven to be helpful:

Of course, the above steps assume that the organization has already invested in some basic information security controls and infrastructure, and is willing to do what it can to recover data without paying a ransom. There have been many circumstances where organizations chose to pay the extortion fees in order to resume business operations. While this is ultimately a business decision, the organization will continue to contribute to cybercriminal operations and advertise to other cybercriminals that they are a paying victim.

Based on these observed trends, all organizations should assume that they are targets and begin making relevant decisions to prepare for the inevitable. At the bare minimum, every organization should have an answer to the prime question: “Are we sufficiently prepared for a ransomware attack?”