Research predicts a spike in ransomware attacks against financial service organizations in 2023.

Credit: Andrey_Popov / Shutterstock

Ransomware attacks on the global finance sector have cost US$32.3 billion in downtime alone since 2018. That's according to new research from Comparitech, which found that 225 financial organizations are confirmed to have been hit by a ransomware attack in the last five years, exposing at least 32.3 million individual records.

Downtime from attacks varied from one day to 52 days, with the average varying from 10 days to 14 days, Comparitech said. Ransom demands varied from US$180,000 to US$40 million, with an average demand of US$6.9 million, suggesting that around US$2.14 billion in ransom payments has been demanded in total, the firm added.

Comparitech's research is based on its ransomware attack tracker, which is updated daily. Its calculation of the US$32.3 billion cost in relation to downtime suffered by financial services since 2018 is based on a figure of US$8,662 per minute, the firm added.

The findings come in the same week as new data from Forrester, which revealed that attackers remain in the network of financial services and insurance providers longest compared to other industries, with financial firms struggling to both eradicate and recover from breaches. Furthermore, financial services breaches incur higher costs, with organizations paying an average of US$3 million in total, according to Forrester.

2023 could see significant rise in ransomware attacks on financial businesses

Comparitech's research revealed that, while the number of ransomware attacks on financial services dipped significantly last year (39 in total compared to 86 in 2021), figures for the first half of this year suggest there could be a notable increase in ransomware attacks in 2023. Up until the end of June 2023, 24 confirmed ransomware attacks on financial companies have been logged, compared to 16 noted in the same period of 2022, Comparitech said.
What's more, while just over 3.5 million records were confirmed as impacted by ransomware attacks in 2022, so far this year, more than 14 million records have been affected, although most of these stem from the attack on Australia's Latitude Financial.

Attackers target "big ticket" companies, BlackCat most prevalent ransomware strain

Hackers appear to be going after "big ticket" financial companies with troves of data, Comparitech said. "By stealing large amounts of data as well as encrypting systems, hackers are increasing their chances of receiving a ransom payment. Equally, even if an organization fails to pay, personal financial data will fetch a premium on the dark web." Interestingly, insurance companies saw the highest number of attacks (65), according to Comparitech.

BlackCat/ALPHV ransomware has been the most dominant strain in 2023 so far, overtaking LockBit, the most prevalent in 2022. REvil and Conti were the most prolific in 2021 while Maze carried out the most attacks (where the ransomware strain is confirmed) in 2019/20, Comparitech said.