Ransomware, insider threats pose growing risk to financial services industry
A relatively new piece of ransomware is making the rounds through the U.S. business community, with particular focus on the financial services industry (FSI). This new threat is Yanluowang ransomware, and it has been observed in attacks on U.S. companies since August 2021. Based on similarities in tools, tactics, and procedures (TTP), researchers speculate the Yanluowang operator is a former affiliate of the FiveHands group. It appears that the Yanluowang ransomware threat is another example of an experienced threat actor moving on from an active group to create a ‘start-up’ of his own.
It is common for threat actors to change gangs and for hacking gangs to change identities. What makes Yanluowang interesting is that researchers say the ransomware has been "somewhat underdeveloped" since it appeared in August. Rather than developing the ransomware, the Yanluowang threat actors have been focused on conducting attacks. These attacks threaten the victim in multiple ways:
- Data is stolen prior to being encrypted to set up the standard double extortion attack
- Distributed denial of service (DDoS) attacks
- Phone calls to employees and business partners
- Destruction of company data in a subsequent attack
Use of the software is growing, and researchers do not yet know if Yanluowang is available as ransomware-as-a-service (RaaS). The original research on the Yanluowang ransomware is available here.
Increasing risk for the financial sector
The financial sector has been under pressure from increased attacks, budget cuts, and greater exposure due to remote-work scenarios. A full 80% of financial institutions reported an increase in cyberattacks between February 2020 and April 2021. The result was a 238% global increase in external attacks, all of which caused monetary loss to the companies through remediation and business interruptions.
The financial sector also faces increasing risk from insider threats, as FSI employees have been challenged by fallout from the pandemic. Many employees have taken on additional work related to the administration of the CARES Act and Paycheck Protection Programs. There is also an unprecedented jump in mortgages that has added to the normal workload. Roughly 80% of financial institutions say staffing issues are their greatest concern, and the percentage of households that say their banking institution is not responsive has increased by 212%. The increased workload and staff shortages have left many employees disgruntled or careless and burned out. Internal threats are growing across all sectors and now account for 39% of all data breaches.
Barracuda offers comprehensive ransomware protection and security solutions that are purpose-built for financial services institutions. Contact one of our experts for more information.