Ransomware Attacks on Financial Institutions Increased in 2023

Ransomware attacks on financial institutions increased by 140% in 2023 in contrast to 2022, with 66% involving data theft. This article goes into the details surrounding these events.

Ransomware was identified as an exponential threat to financial institutions in 2023, with attacks increasing by more than 140% compared to the previous year. This increase highlights the finance industry’s vulnerability to cyber-attacks designed to steal sensitive data and extort money.

A shocking 66% of publicly disclosed ransomware incidents in the financial sector last year included data exfiltration activities in addition to traditional system encryption. This double extortion tactic gives cybercriminals more leverage, allowing them to use stolen data and demand higher payouts in exchange for not leaking or selling the information online. Personal data of customers, employees, partners, and proprietary financial information are among the most extracted types of confidential information.

LockBit claimed responsibility for 33% of the publicly disclosed ransomware attacks on the financial sector, targeting BSI and Chicago Trading Company to name a few.

In 2023, the breach at ICBC Financial Services crippled the US division’s trading systems, preventing settlements with partners such as BNY Mellon, which was owed $9 billion in unresolved trades by ICBC. The disruption was so severe that ICBC considered couriering trading data via USB stick to restore critical processes.

The financial industry also faced significant damage from the MOVEit ransomware incident. Orchestrated by the Clop ransomware group, this attack exploited a zero-day vulnerability in MOVEit Transfer, a file transfer software by Progress Software. Tracked as CVE-2023-34362, it primarily enabled the theft of personally identifiable information from customer databases.

A number of entities that have been posted on Clop’s leak website (source: Clop’s leak website)

Despite the fact that a patch was issued, many financial customers failed to apply it in a timely manner, resulting in widespread data breaches. This incident affected a staggering number of banks, with 35 initially reporting breaches of customer personal data before increasing to 60. Clop’s tactic of setting up clearweb sites to leak stolen data exacerbated the situation.

Financial institutions hold a lot of sensitive information belonging to employees and customers including PII and financial account data. Should this data get into the wrong hands, there can be huge consequences experienced not just by the hacked organization but by the customers and employees themselves.

Theft of credentials including usernames and passwords, email addresses and other account information is one of the most worrying types of data theft. Account takeover and identity theft are among the sinister ways that these cybercriminals can use exfiltrated data to impact end users.

Most organizations will offer some compensation for a breach in the form of identity theft monitoring and will offer guidance but once the data has been leaked, it will always be available.

It is crucial that financial organizations prioritize the safety of customer information to ensure that if a breach occurs, the repercussions are limited.

With its advanced ADX technology, BlackFog provides a cutting-edge solution to protect your network and ensure the safety of your data. BlackFog stays ahead of the ransomware game by using behavioral analytics to prevent data theft before it occurs.

The deployment of BlackFog is a proactive step towards securing your organization’s data, preventing it from falling into the wrong hands. Don’t wait for a breach; register for an assessment today and strengthen your defenses with BlackFog.