Ransomware is a rapidly evolving threat that financial institutions everywhere need to be vigilant against.
The Financial Services Information Sharing and Analysis Center (FS-ISAC) 2020 report, The Rise and Rise of Ransomware, noted that while financial institutions remain resilient to ransomware attacks, they are not immune.
Ransomware trends in Asia
In October 2020, Checkpoint Software reported that India ranked second for ransomware threats in the world, and Sri Lanka ranked third. However, a study by US-based Temple University only found 28 reported cyber-attacks in Asia, suggesting a large degree of underreporting.
The report notes that ransomware operators have publicly claimed successful attacks against eight financial institutions around the world in 2020, three of which are banks.
Even large institutions with robust cyber defences are still vulnerable to attacks, especially through their third-party suppliers who are key targets.
Ransomware operators have targeted third parties and suppliers used by firms in Asia, such as Software AG, who was the victim of CLOP ransomware in October.
New opportunities in Ransomware attacks
Traditionally, ransomware attacks involved cybercriminals holding a system or data for ransom, with access restored once the ransom is paid. Ransomware attacks have diversified, incorporating new revenue streams such as:
- Extorting victims by threatening to publicly name them and publish sensitive data online
- Auctioning off victims’ data to other criminals on the dark web
- Ransomware-as-a-service, where less technical criminals can buy ransomware kits from more sophisticated threat actors
Critical tool in fight against ransomware
Threat intelligence can help prevent an attack from happening in the first place through enabling institutions to construct pre-emptive defences to known attackers.
It can also prove invaluable to an institution that has already fallen victim to ransomware; knowing the type of ransomware used in the attack can help the victim assess the attacker’s identity, motivations, and attack patterns, such as whether the attacker is known to offer a decryption tool after payment. This information can help firms decide on next steps in the event of a successful attack.
A hub for cyber threat intelligence sharing, FS-ISAC allow members to both report and access threat intelligence on the latest ransomware actors – as well as the whole range of cyber threats facing the sector.
According to Teresa Walsh, global head of Intelligence at FS-ISAC, ransomware is a particularly nefarious cyber threat that has the potential to cause large material losses to victims, which can include financial institutions.
“In the APAC region, ransomware represents a rising number of attacks, though they often go unreported. Threat intelligence is crucial in anticipating and preventing attacks and can also help firms mitigate the fallout from a successful attack,” she added.
