Criminals doubling down on multi-layered ransomware attacks against financial services

Ransomware attacks against financial services organisations continue to pose a perpetual threat, with IT teams in the sector struggling to keep pace with ever-increasing cybersecurity needs. In the last year ransomware attacks surged 105%; whilst according to Veritas data, almost half (48%) of financial service security teams believe that data security lags behind their digital transformation deployments. Despite the efforts of malicious actors seeking to target financial institutions, it is a sector that is seemingly failing to keep pace with others when it comes to countering increasingly sophisticated and multi-layered attacks. Adding to this painful mix is now the emergence of double and triple layers of extortion.

Double troubler ransom tactics

Double extortion, or, pay-now-or-get-breached, is a criminal attempt at a failsafe, where hackers not only hold systems hostage by encrypting data, but also threaten to leak sensitive information online. So businesses need to be prepared both with backup copies of their data to counter traditional ransomware attacks and have a strategy to deal with  the threat of information being exposed.

Allied Universal’s Systems is understood to be the first major breach in which double extortion was used. However, the Colonial Pipeline attack in May 2021 has topped the bill as the highest-profile case where criminal group DarkSide stole 100 GB of data for a ransom of $5 million to unlock its data or face a leak.

It is now a popular tactic, having been extensively and successfully deployed by Maze operators; double extortion ransomware attacks increased by almost 500% in 2021, with the number of attacks rising nearly 200% quarter over quarter.

A powerful triple threat

Triple extortion ups the ante further, with attackers adding a third layer of threat, for example, by threatening to disclose the breach to major customers or partners and the press, resulting in potentially devasting loss of reputation. Another tactic involves launching a distributed denial-of-service (DDoS) attack to distract and overstretch the IT team.

In late 2020 Vastaamo, a healthcare company from Finland, was put under increased pressure following a ransomware attack as worried calls from patients flooded in to its support service and the police.

The combination of a ransomware attack with a DDoS attack and the reactions of anxious clients, can make businesses feel pushed to the edge, forcing them to comply with hackers’ demands to avoid further disaster.

Five ways to see off multilayer attacks

Double and triple ransomware threats require an encompassing defense strategy, here is where to start:

1. Implement a comprehensive and robust data protection and recovery solution – encrypting data and locking it away from their victims is the first thing that ransomware hackers will try to do.
2. Encrypt your own data – exfiltration attacks only work if the hackers can read the information that they’ve stolen.
3. Follow a zero trust methodology for data access – businesses can limit what data is locked, blocked or stolen by ensuring that people and applications only have access to the data they need.
4. Monitor data in real time – businesses need to react rapidly to threats and stop them in their tracks, this requires immediate alerts when anomalies are detected.
5. Understand your data – most ransomware attacks rely on the victim if the attacker has hold of something valuable, yet only 15% of the data that businesses store is valuable to them. Knowing if the data that has been breached is worth paying for should be a key factor when deciding what to do.

Augmentation and Autonomy

Triple extortion requires vigilance on multiple fronts. IT departments at financial services companies are pulled in different directions and, soon enough, a chink in the armour can become a full breach. Stretched too thinly, they’re overwhelmed. This is exactly what hackers are trying to do.

While people and human talent is the first line of defence, people alone cannot provide full security coverage - they aren’t infinitely scalable. Rather, their skills need to be augmented with technology that can harness AI and machine learning to autonomously fight back.

Now, organisations can empower their data management systems to autonomously assist IT teams in the process of all-encompassing data protection. While autonomous solutions work away in the background, human talent can get to work on problem solving and strategy, knowing the shield is up.  

Triple extortion is another example of hackers adopting new strategies that seek to overwhelm and force the hand of financial services to pay up. Cybercriminals are ruthless in their pursuit of advantage, adopting new technologies with vigour. Organisations must do the same; stepping up with sophisticated solutions that disarm criminal shock tactics and send a clear message – no threat may pass.