Global Ransomware Attacks Surge, Threatening Financial Sector - Fitch

Tom Burroughes Group Editor 21 May 2021

Global Ransomware Attacks Surge, Threatening Financial Sector - Fitch

The recent crippling attack on a major US gasoline pipeline by ransomware hackers shows how serious cyber-security is to all sectors of the global economy - including the wealth management business.

An almost fivefold surge in ransomware attacks during 2020, accounting for a quarter of all cyber-security cases, shows how this has become an increasing menace to the banking and wider global financial system, according to Fitch Ratings

US direct written premiums to insurers against cyber risks rose by about 22 per cent in 2020 to almost $3 billion, and the direct loss ratio for standalone cyber risks rose to 73 per cent in 2020, the highest level recorded in the six years since data have been available, it said. 

The report came out as policymakers and energy executives were wrestling with a ransomware attack that took down the largest gasoline pipeline in the US – the Colonial Pipeline carrying 2.5 million barrels per day of gasoline and other refined fuels. Colonial reportedly paid a $5 million ransom to the group (source: CNBC, May 18, others).

“The volume, size and sophistication of ransomware attacks are expected to increase, as the risk of criminal prosecution remains low and profit incentives remain high. Fitch views the increase in attacks and severity as a credit negative; however, every incident will be evaluated within the context of each issuer’s credit profile,” the ratings agency said in a report.

Cyber-security threats targeting banks and wealthy individuals – such as those using family offices – have already been chronicled by Family Wealth Report as a major industry concern. A worry has been that advisors to HNW individuals and family offices haven’t traditionally been on the leading edge of IT security, and are therefore vulnerable. 

Ransomware attacks skyrocketed by 485 per cent in 2020 globally, according to Bitfdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at $20 billion, per Purple Sec, Fitch said in its report. Ransomware attacks which threaten to release stolen data are rising and were 77 per cent of total attacks in the first quarter of 2021.This has helped drive up the cost of ransomware attacks, with the average ransom payment in Q1 of $220,298, surging by 43 per cent from the final three months of last year, Fitch said. (It cited data from to Coveware.)

“Recent incidents may spur internationally coordinated public and private efforts to help prepare for and mitigate against ransomware attacks,” Fitch continued.

It noted that the Institute for Security and Technology recently issued a Ransomware Taskforce report indicating that combating ransomware should be a global priority. The US Justice Department has established a ransomware taskforce with the FBI and federal prosecutors to increase coordination with the private sector and other agencies.

“Issuers with less sophisticated networks, security systems and IT departments may be most vulnerable to attack, but downside risk potential is higher at larger and more strategically important entities.

Ransomware [attacks] target every sector and geography, but certain sectors have proved more attractive targets than others,” Fitch said.

“Professional services firms, such as small law and financial services firms, are popular targets of ransomware attacks as they typically possess valuable personal identifiable information, payment data, or intellectual property."

Elsewhere, Fitch noted that cyber attacks against schools, local government, and healthcare providers more than doubled to 2,354 in 2020 from 966 in 2019 (citing figures from Emsisoft).

“Payment of the ransomware does not guarantee that stolen files will be returned or undistributed or that a decryption device will be provided. Payment of ransomware can expose financial firms to increased financial and compliance risk, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating Financing of Terrorism (CFT) laws,” it said.

“Without the ability to transfer the risk, affected companies would face increased financial risk from a ransomware attack, which is a credit negative,” it added.

Colonial Pipeline was hit in May, forcing it to shut approximately 5,500 miles of pipeline, and disrupting delivery systems in Southeastern states. The FBI blamed the attack on DarkSide, a cybercriminal gang believed to be based in Eastern Europe.

Register for WealthBriefing today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes