Business Continuity

Ransomware attacks in finance hit new high (2023 report)

August 15, 2023

7 min read

Dale Shulmistra

Data Protection Specialist @ Invenio IT

Ransomware attacks in finance continue to increase, according to a new report from cybersecurity firm Sophos. In a survey of more than 300 IT and cybersecurity professionals in the financial services industry, 64% said they were hit by ransomware in the past year – a significant jump from 55% in 2022.

Financial services organizations have been a top target for ransomware attackers over the last few years, along with other industries like healthcare and manufacturing. The latest data suggests these attacks aren’t slowing down any time soon.

Key findings from the 2023 report:

Highest-ever rate of ransomware attacks in the finance industry (since Sophos began tracking the figure)
81% of financial services organizations hit by ransomware said their data was successfully encrypted
Only 14% of finance companies managed to stop an attack before data was locked
In 25% of attacks, the attackers also stole data in addition to encrypting it

The new report is a troubling sign for banks, investment firms and other financial services organizations, which have struggled to curb the onslaught of attacks in recent years.

However, the findings indicate that attackers are not always using more sophisticated methods to deliver ransomware. Human error remains a leading root cause of many attacks, suggesting there are opportunities to eliminate common vulnerabilities with stronger user training and disaster recovery solutions.

How many ransomware attacks hit financial services?

Getting the total number of ransomware attacks in finance (or any industry) is difficult, because many attacks are unreported. But the Sophos report helps to shed light on how common these attacks are – and which direction they’re trending.

This chart below represents the yearly percentages of financial companies that stated they had been hit by ransomware in the previous year:

2023	2022	2021	2020
64%	55%	34%	48%

Excluding the downtick in 2021, the rate of attacks on financial services has been increasing every year. Nearly 2 out of 3 finance companies were attacked within the last year. This rising rate of attacks should be a red flag to the entire industry. For companies that are fortunate to have avoided an attack thus far, it’s likely only a matter of time before an infection slips through.

How does this compare to attacks in other industries?

Despite the alarming rate of attacks, the financial services industry is actually doing slightly better than the cross-industry average. Across all industries, 66% of respondents said they were hit by ransomware last year vs. 64% in finance. Here’s what the numbers look like across other top-targeted industries.

Percentage of organizations hit by ransomware in the previous year:

Higher education	79%
Construction	71%
Federal government	70%
Media & Entertainment	70%
Local/state government	69%
Retail	69%
Financial services	64%
Healthcare	60%
Manufacturing	56%

In total, Sophos’s 2023 report was based on an independent survey of 3,000 IT & cybersecurity professionals for companies located across 14 countries, conducted between January to March 2023. Findings for financial services were based on a segment of 336 respondents specifically from that industry.

Why are they attacking finance?

Simply put: attackers go where the money is. More precisely, they hit the industries that are most likely to meet their ransom demands. That means hitting companies that can’t afford to lose their data or suffer an extended disruption to their operations.

Financial services is by far the most lucrative sector in the United States, according to data from IBISWorld. But if an attack compromises critical company files or its customers’ sensitive information, the consequences can be costly. Data recovery alone can be expensive, as we note below, especially if a company’s data backups are unreliable. Plus, there’s a risk of litigation, government intervention and long-term reputational damage. Add that to the cost of service outages caused by the ransomware and these attacks can easily balloon to several million dollars.

Attackers know that financial companies will be more willing to pay the ransom to restore their data back to normal. They also know that these companies have the resources to meet larger demands. This makes the industry a hot target, especially when financial institutions continue to pay up.

Feds warn financial industry about Dridex ransomware

Over the last few years, Cybersecurity experts have warned the finance sector about the danger of select types of ransomware and financial Trojans, such as Dridex. In 2020, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a statement to financial institutions about Dridex, stating:

“The Dridex malware, and its various iterations, has the capability to impact confidentiality of customer data and availability of data and systems for business processes … The primary threat to financial activity is the Dridex’s ability to infiltrate browsers, detect access to online banking applications and websites, and inject malware or keylogging software, via API hooking, to steal customer login information … We expect actors using Dridex malware and its derivatives to continue targeting the financial services sector, including both financial institutions and customers.”

How do attackers infiltrate financial institutions?

Even with cybersecurity systems implemented, financial organizations remain vulnerable to a variety of methods employed by ransomware attackers. Social engineering is the most common root cause, as it preys on human error to infiltrate organizations’ networks and file systems.

Top causes of ransomware attacks in finance, according to Sophos:

Exploited vulnerability	40%
Compromised credentials	23%
Malicious email	19%
Phishing	13%
Brute force attack	3%

At first glance, the most common root cause of attacks would appear to be exploited vulnerabilities. However, the next three causes on the list can all be attributed to human error:

Compromised credentials, for example, usually stem from weak passwords or mishandling of the credentials (such as using the same password for multiple logins).
Malicious email and phishing both rely on user deception, fooling the user to click a link or download an attachment.
Added together, 55% of financial companies said ransomware used one of these three methods.

Do financial organizations pay the ransom?

Yes, 43% of companies said they paid a ransom to get their data back after a ransomware attack. According to Sophos, this is only slightly better than the cross-sector figure of 46%. This indicates that financial institutions are largely just as willing as most other organizations to pay their attackers if it means restoring data faster.

As a rule of thumb, federal authorities strongly advise all organizations not to pay the ransom, except as a last resort. Paying the attackers fuels the growth of the ransomware market, making it worse for everyone. Also, some attackers will gladly take the money without ever decrypting data as promised, resulting in a steep financial loss for the victim.

How much do they pay?

Financial organizations paid an average of $1.6 million to their ransomware attackers in an attempt to retrieve their data. This represents a six-fold increase over the previous year’s average of $272,655. Additionally, the amount is more than $100,000 greater than the average amount paid by companies across all industries.

It’s important to note that many companies do not share information about their ransom payments. In many cases, it’s in their best interest not to report the attack at all. In Sophos’s research, only 18 financial organizations shared the ransom amounts they paid. $1.6 million was the average amount among those 18 companies.

What about data backups?

A robust data backup solution is an essential layer of defense against ransomware. However, not all companies are able to successfully restore their backups after a ransom attack, due to limitations in the backup system or other factors.

69% of financial organizations reported that they used backups to restore data after a ransomware attack. This is an encouraging figure, but it also means that more than 30% of companies were still unable to leverage a backup (or they retrieved the data via other methods, such as by paying the ransom).

How much are the recovery costs for financial companies?

Not surprisingly, ransomware attacks cost financial institutions more than most other industries. In 2023, financial organizations shelled out an average of $2.23 million to fully recover after a ransomware attack.

This figure does not include any ransom payments, which represent only a fraction of the total recovery costs for most organizations. Ransomware attacks can cause operational downtime, idled workers, hardware malfunction/replacement, lost revenue/growth opportunities and long-term reputational damage, all of which can be enormously costly.

In fact, even among companies that used backups to restore data, the average recovery cost was still $375,000. Still, this was far cheaper than paying the ransom. Among financial institutions that paid a ransom to get their data back, the average recovery cost was $3 million.

What was the impact on business/revenue?

80% of surveyed financial organizations said that ransomware hurt their business, with 46% saying they “lost a lot of revenue.” This is not surprising given the widespread disruption that ransomware can cause – and the time it takes for most companies to recover.

Financial services companies with robust backup systems are sometimes able to fully recover in less than a day. But not all organizations are so fortunate, as illustrated by the figures below.

Full recovery time reported by financial organizations:

Less than a day	11%
Up to a week	36%
Up to 1 month	31%
1-3 months	19%
3-6 months	3%

Recent ransomware attacks on financial institutions

1) Globalcaja

Globalcaja – a leading Spanish bank with more than 300 branches across the nation – confirmed in June 2023 that it had suffered a ransomware attack. The attackers, known as the Play ransomware group, claimed they stole data in addition to encrypting it.

What we know:

In a statement, the bank said that computer systems at several of its locations were infected with ransomware.
The attack forced the bank to close some locations and “temporarily limit the performance of some operations.”
Hackers reportedly stole “private and personal confidential data,” including client and employee documents, passports and contracts.

Source: Recorded Future

2) Cl0p ransomware / MOVEit Transfer exploit

The Cl0p ransomware group used a supply-chain attack in June 2023 to infiltrate numerous U.S. organizations, including at least 10 American banks and credit unions. The attack infiltrated organizations by exploiting a vulnerability in a popular third-party file-transfer tool, MOVEit, made by Progress Software.

What we know:

The attack affected more than 90 organizations in total.
Data was stolen in addition to being encrypted by the ransomware. Leaked data included users’ names, addresses, birthdates, social security numbers and more.
Some of the financial institutions affected by the attack include 1st Source Bank, First National Bankers Bank and Putnam Investments, a Boston-based investment management firm.

Source: TechCrunch

Conclusion

Ransomware attacks in finance continue to rise, with 64% of organizations saying they were hit within the last year. The attacks are increasingly disruptive and costly, even when financial organizations are able to get their data back. However, companies can significantly curb the impact of a ransomware attack with stronger disaster recovery systems and preventative measures.

In research by Sophos, 55% of reported attacks were caused by human error due to compromised credentials, phishing or malicious email. This suggests there is a lot of room for improvement in implementing user training that educates employees on safe practices for email/web and how to identify suspicious messages.

Additionally, financial service organizations can dramatically accelerate recovery time by implementing a robust data backup system. Data backups allow companies to restore encrypted files back to a clean state, thus minimizing operational disruption and eliminating the need to pay a ransom.

Don’t leave your data at risk

Strengthen your organization’s ransomware defenses with dependable data backup solutions from Datto. Request a free demo or speak to our experts at Invenio IT today. Call (646) 395-1170 or email success@invenioIT.com.

I have been working with Invenio for the past 6 years and on a consistent basis I found there support to be outstanding. The primary support representative, Dale S., goes out of his way to ensure his services are beyond my expectation.

Curtis Hill

13:52 04 Oct 22

Great Support staff all around. The system works as described. I've successfully restored a server that was blue screened by updated onboard application incompatibility.

Jeffrey Mondi

15:55 07 Jun 22

We have been working with Invenio IT for about 7 years now. They support of Datto backup system and their support is nothing but the best. They have been great helping set everything up and since then, we just monitor the backups and really have nothing to do as it has been running flawlessly. We an rare issue do occur, I can contact Dale at anytime (I mean anytime, he had answer the phone like 2 am) and he will help in anything I need, whether to spin up a virtual server when one of our production server goes down or we get an error on one of the backups and he looks into it and either resolve it or give us the solution to resolve it. Also, when we needed to upgrade our Datto system, they really go out of their way to give you the best deal which should have cost us a lot but Dale came through and we have been backing up flawlessly. Overall, Invenio IT has great support and always there when you need them. I will recommend them to anyone and I will take them anywhere I go. Thank you Invenio IT, especially to Dale Shulmistra!

Andre Glenn

15:24 03 Jun 22

Invenio IT has been very supportive and a long time vendor. They have supported our backup and recovery needs as well as provide top tier technical service whenever needed. Highly recommend!

Kevin Schnupp

16:24 02 Jun 22

Always goes above and beyond to ensure a great result. Quick responses and work completed on time and accurately. We have used Invenio IT and their Datto service numerous times to bail out customers. They always make us looking amazing and save the customer a lot of heartache. Can't ask for more!

Rajev S

19:32 01 Jun 22

I purchased my Datto backup appliance from Invenio IT (Dale Shulmistra) the best customer service rep. I've had in a while. He will go out of his way to help you in any way he can. Truly a five star!!

George Rodriguez

15:18 01 Jun 22

We've had Datto service with Invenio IT since 2015. While it's rare that we have issues, every time I need Dale's help he get's things done. It's really nice to have reliable service and one less thing to worry about these days. I would highly recommend Dale and Invenio IT.

Jimmy Rabitsch

14:20 01 Jun 22

We have been working with Invenio IT for over 3 years now. They have provided superior customer service and are very responsive. We work directly with Dale who is a pleasure to work with.

Anosh Zaveri

14:09 01 Jun 22

Invenio IT has been an exceptional business & technology partner for our company for many years. They have the best-in-class service (sales & support) and a knowledgeable teams on-staff when we need them the most. Good service; great people.

Larry Lou

14:01 01 Jun 22

Always responsive and helpful with a great team and awesome support, glad to do business with them.

Damien Russell

13:57 01 Jun 22

I worked with 3 techs previous before Darnell Johnson, the three previous were not on the same level as Darnell. His customer service and dedication to make sure all bases are covered are unmatched. 10/10

Jacob B

23:29 13 May 22

Invenio IT is the backbone for my disaster recovery solution. If I have anything wrong with my backups I am getting a call from Dale. This type of support is awesome especially when backing up 100+ servers.

Paul Gugel

02:18 24 Jan 19

Invenio IT has provided us with an excellent BDR solution in the Datto SIRIS. An enterprise-level solution at a reasonable cost, along with simplicity and ease-of-use, were a few items that helped us move to a Datto SIRIS. The only surprise was the extremely detailed level of service and support we received from Invenio IT. After 20 years of IT experience as a support professional myself, I did not expect to be surprised by the sustained, over-the-top level of support and professionalism that we received from Dale and the Invenio IT team. But I was surprised, and very happily so. Actually, I couldn't be happier!

Clyde Cornelius

15:08 07 Jun 18

The Datto Siris product works well and the web portal for management is excellent. My Invenio Rep is attentive, gets in front of issues and monitors the backup service.

Edward Caco

15:31 05 Jun 18

Great product! Great Service. I was up and running in no time.

Theodore Herrmann

21:35 04 Jun 18

I highly recommend Invenio IT to everyone. They provide amazing customer service. They are very responsive, and quick to resolve any issues or concerns. They have been a tremendous resource for several IT projects. One product / service in particular that is an absolute must is their backup services using the Datto SIRIS. This is just one example of many that has simplified my life while giving me much improved data security. I have full confidence and peace of mind knowing my data is secure and always available. By far the absolute best IT company I have ever dealt with.

Robert Bearry

19:41 04 Jun 18

I am very pleased with the Datto project and support offered at Invenio IT. The professionalism and speedy response to all of my issues have been handled impeccably. I would highly recommend their services. -Billy

William Porche

19:33 04 Jun 18

We were looking for a product which will verify the backup everyday without our intervention. For our size, Datto Alto 4 by far is the best product available on the market for the up-front and recurring price. Everyday it shows that the image backup is boot-able. We did the test by visualizing the server in the cloud and connecting seven work stations to it, and it worked flawlessly. Dale from Invenio IT was there every step of the way from purchase to install to testing. He provided exceptional service. He oriented us to Datto environment very well and is always available to answer questions. Further, every day he is monitoring the backups and ensuring the success. We are very pleased with the results. Thank you Dale!

Yogesh Mantri

21:09 24 May 18

Datto/Invenio was installmental in saving my business. The SIRS had a snapshot of beginning of the day. So I was good to go in minutes with the last backup thank you invenioIT.

Kim Zayac

16:41 03 Nov 17

We have the Datto SIRIS through Invenio IT and we couldn't be happier. Great team with exceptional customer service. Keep up the good work!

Rachel Leventhal

21:34 17 Aug 17

Invenio IT is simply awesome! I have been working with Dale for a couple of years now and the service and after sales support is great. I have submitted support requests and literally have had them resolved in under 20 minutes. That is great service!

gramfer

12:36 03 Aug 17

I have a SIRIS2 backup hardware which is an outstanding product and Invenio IT is one of the best support companies out there. They keep me informed of anything that is going on with my backups.

01:23 26 Jul 17

Quick response and good customer relationship. We been working with Invenio for over a year and it has been good results all around. Keep up the good work.

Date Kouy

20:06 20 Jul 17

Incredible professionalism from the Invenio staff. Hard working, a joy to do business with, and true innovators. This is a company that values its partnerships and will always do what's best for the customer.

Grant Brown

20:34 18 Jul 17

So... how complicated would your life be if you lost precious data files and there was no chance of recovery. Sounds scary. Yes it does. Life can be easier. You can take an associates human error of erasing or losing work or even an equipment failure that would have you work through the weekend in stride. Deploying a DATTO Sirus will protect your data locallly and in the cloud with so many easy ways to recover when the need arises. Support is excellent and reliable. Get a DATTO Sirus and rest... assured!

Ron Rizzi

20:09 17 Jul 17

Solid Datto support for our server systems. In the rare event there's been an issue, Invenio often knows before we do and has a fix ready. They are highly responsive to questions and keep our backup system.

Jason Blair

16:51 17 Jul 17

The fantastic Datto SIRIS coupled with the helpful folks at Invenio IT have let me stop worrying about my backups and disaster recovery plans to focus on more important things such as my morning coffee and keeping users from destroying the network before lunch.

Matthew Fex

16:35 17 Jul 17

Great partner to have. I recently joined the company I work for and found that they have a Datto backup system. I have never used the system and with the assistance of Dale at Invenio IT the learning curve has been an easy one. They typically let me know if something has gone wrong before I even knew it happened. Bottom line, outstanding support. I would highly recommend them for your IT services needs.

Gary Collier

16:11 17 Jul 17

Purchasing my SIRIS3 through Invenio IT has been one of the best decisions I’ve made. They always reach out to help whenever a problem arises, often before I even know there’s an issue with my backups. When my business got hit with Ransomware, I was able to restore my entire environment within a matter of hours thanks to my SIRIS3 and Invenio IT!

Gregory Carwile

16:08 17 Jul 17

The Invenio IT staff is friendly and knowledgeable! They really know everything about the Datto SIRIS

annmarie kotsianas

03:20 02 Jul 17

Can't say enough about the folks at Invenio. They are experts in business continuity and a pleasure to work with!

Michael Marlin Jr.

16:50 28 Jun 17

Invenio IT is a great organization to work with. Their consulting and managed services are exceptional are always at the leading edge of I.T. Strategy and execution, anticipating what you need before you experience an expensive order of magnitude "issue". They lead with integrity and clear down to earth communications. Highly recommended.

Leander Gillard

16:19 19 May 15

Great company medium sized organizations, handles all the management of data integrity, data redundancy/backup and all of your data management needs. I was truly lucky to have a excellent company supporting my orgazation when we did actually encounter data issues. Invenio IT was able to quickly assess and analyze the problem and then fix our issues with no down-time and little to no effect on our user base. Thank you Invenio IT.

Employment Employment

15:04 06 May 15

Invenio IT has supported my business for the past few years and I have had a great experience. The staff is knowledgeable and go out of their way to make technology simple to understand. If you are in need of a strategic (and friendly) IT partner, I would consider this company.

T. Rock

14:22 06 May 15

‹

›