According to recent research by NordLocker, the financial sector faced a considerable upsurge in ransomware attacks last year, with a total of 120 incidents reported. This increase positioned the financial sector as the second most targeted industry globally in 2022. In comparison, the financial sector experienced 4.8% of all ransomware attacks in 2021. In 2022, that share rose by 0.8 percentage points, with financial companies targeted in 5.6% of all recorded ransomware attacks.
Over the past years, the manufacturing, construction, and transportation sectors have consistently been among the most targeted industries for ransomware attacks. However, a new trend emerged last year, with the financial sector rising to become one of the most frequently attacked industries on a global scale. This shift in focus toward the financial sector highlights the evolving tactics of cybercriminals and emphasizes the importance of staying vigilant and adapting cybersecurity strategies to address emerging threats.
Ransomware attacks on the financial sector shift
The notorious, Russian-linked ransomware gang LockBit was responsible for most of the attacks on the financial sector in both years.
In 2022, US-based companies bore the brunt of these attacks, with 58 incidents reported. The UK followed with seven attacks, while Canada and Germany each had four. In contrast, in 2021, the US experienced 69 attacks, the UK six, and both Canada and France five each.
April 2022 saw the highest number of attacks against financial companies, with 19 incidents reported, while November 2021 was the most active month of that year, with 18 incidents.
Ransomware groups do not discriminate based on company size or profit. Over the past two years, businesses with 11-50 employees (66 attacks), 51-200 employees (47 attacks), and under ten employees (26 attacks) have been targeted. Companies with profits of $10-25 million (28 attacks), $1-5 million (11 attacks), and less than $1 million (8 attacks) have also fallen victim to cybercriminals.
Businesses can protect themselves against ransomware attacks
“Many companies do not yet take sufficient care of their cybersecurity. With cyber threats constantly changing, businesses in the financial sector must remain vigilant and proactive in addressing emerging risks. Implementing robust cybersecurity measures and staying informed about the latest threats are crucial steps in protecting valuable data and digital assets from the damaging effects of ransomware attacks,” says Aivaras Vencevicius, head of product for NordLocker.
Vencevicius suggests the best actions to start with when implementing practices to protect businesses from ransomware:
- Encourage proper file hygiene, encryption, and backups. File hygiene and backups can’t stop cyberattacks, but they give the company leverage. Even if a company becomes a target for ransomware, the ability to restore data immediately will guarantee business continuity. And if the company keeps the files encrypted, the information will be unreadable to hackers.
- Encourage cybersecurity training. Investing in your employees’ knowledge is the most cost-effective way to protect your organization from ransomware because 82% of cyberattacks happen due to human error. Training should be organized regularly and take a holistic approach that includes every employee.
- Keep software up to date. Most cyberattacks use either social engineering to exploit the flaws in human nature or malware that exploits outdated software. Ensure everyone at the company understands the importance of keeping software up to date.
- Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.
Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened between 01/01/2020 and 30/04/2023.