Ransomware 2020: A diversified business model

Ransomware is a growing concern to the financial sector. Threat actors have evolved beyond simply holding systems or data access for ransom. Some of the new revenue streams include:

  • Extorting the victim over the data being leaked publicly, threatening their reputation.
  • Threatening or conducting a distributed denial of service (DDoS) attack for non-payment.
  • Criminal auctions of compromised data and access credentials.
  • Ransomware-as-a-Service (RaaS): less technical actors simply buying ransomware kits.

Financial services firms tend to be well-protected with strong security measures in place, but suppliers are also susceptible to attacks. With Covid-19 prompting increased working from home, third parties critical to remote operations are now attractive targets. A ransomware attack against a third party could disrupt a large institution or multiple institutions and impact the larger economy.

The potential business impact of ransomware is now much higher than the cost of the ransom. The brand damage could be material and long-lasting, in addition to the compliance and regulatory considerations such as mandatory data breach reporting or GDPR fines.

One key way for financial institutions to protect themselves is by joining an intelligence sharing community. Criminal groups often attempt the same attack on multiple institutions and countries. When one member of the financial services community shares information about a threat, others can quickly put up their defences, thus lowering the attacker's returns by forcing them to start over. It can even lead to the direct disruption of a threat actor. An example is FS-ISAC's recent partnership with Microsoft to disrupt the Trickbot infrastructure, which is known to drop ransomware.

Intelligence sharing also makes cybersecurity more affordable; our members crowdsource tactical-level data and strategic insights. Prevention is cheaper than picking up the pieces after an attack, both in terms of cost and reputation, while strong cybersecurity is increasingly a competitive differentiator in the market, no longer just a cost of compliance.

Attackers continue to evolve ransomware strategies and become ever more sophisticated, as we detail in our latest report, The Rise and Rise of Ransomware. No single institution can anticipate and defend against every attack. Now more than ever, collaboration is one of the best ways for financial services institutions to continue to adapt and thrive.  
