Everyone is anti-ransomware, especially financial services

• 55% of firms were hit with ransomware attacks in 2021, up from 34% in 2020.
• 52% of financial services organizations paid the ransom to restore data, which is higher than the global average of 46%.

Cybercriminals today employ ever-more sophisticated methods to collect massive ransoms. Even the most security-conscious institutions are vulnerable because of their swiftly evolving tactics. This frustrates numerous businesses from various sectors, and as a result, many of them are anti-ransomware. There is no denying that firms in the financial services industry are a target of ransomware attacks.

According to the latest report from Sophos, “The State of Ransomware in Financial Services 2022,” ransomware affected 55% of financial services firms in 2021, up from 34% in 2020. This represents a 62% increase in only one year, showing that adversaries are now far more capable of carrying out large-scale attacks.

A total of 5,600 IT experts from mid-sized businesses in 31 countries, including 444 from the financial services industry, participated in the State of Ransomware in Financial study.

The likelihood of experiencing a ransomware attack increased in the financial services industry in 2021, contributing to a more general cross-sector trend in which 66% of respondents reported being affected by ransomware, up from 37% the year before. In spite of the increase in ransomware attacks, the financial services industry actually had the lowest rate of all the industries surveyed.

Financial services organizations reported the second-lowest rate of data encryption after those with the lowest rate of ransomware attacks. Just over half (54%) of those with ransomware attacks said the criminals were successful in encrypting their data, which is significantly less than the global average of 65%.

Do financial services victims get their encrypted data back?

One of the biggest challenges with anti-ransomware is knowing what to do best. Organizations have become more adept at handling the fallout of an attack as ransomware has become increasingly common. Nearly all (99%) financial services companies affected by ransomware that had data encrypted in the previous year had at least some of the encrypted data decrypted.

The most common way to restore data is via backups, which 66% of financial services businesses utilize when their data was encrypted. Even if the fact that backups are the main means of recovery is encouraging, the financial sector recorded one of the lowest rates of backup utilization, which is significantly lower than the global average of 73%. The industry should prioritize spending money on creating backups and practicing recovering from them.

In the financial services industry, 52% of respondents admitted to paying the ransom to get their data back. Given the lesser usage of backups, it is likely why this is greater than the 46% global average. Also, 24% claimed to have restored encrypted data using different methods.

Anti-ransomware, but still pay the ransom

From 65% in 2020 to 61% in 2021, the average amount of data recovered after paying the ransom decreased across all industries.

In 2021, ransomware victims in the financial services industry retrieved 63% of their data on average, somewhat more than the global average of 61%. In fact, between 2020 and 2021, the amount of data that financial services restored (63%) remained constant.

One of the industries most likely to pay the ransom to recover their encrypted data after a ransomware attack is financial services. Compared to the global average of 46%, the industry recorded a ransom payment rate of 52%.

Interestingly, the percentage of ransom payments by the financial services sector has increased significantly over the past year, from 25% in 2020 to 52% in 2021. At the same time, from 62% in 2020 to 66% in 2021, the ability to restore encrypted data using backups rose only a little.

The most important lesson to learn from this is that paying the ransom would only partially recover the encrypted data; therefore, don’t rely on it to restore all of it. Best practices are needed to ensure anti-ransomware is a possibility.

---

---

---