The securities industry is facing a surge in ransomware attacks, and firms are increasingly willing to pay off their attackers and move on, reports the U.S. Financial Industry Regulatory Authority Inc. (FINRA).
In a notice to the industry, the U.S. self-regulatory organization said that ransomware incidents are becoming increasingly frequent and sophisticated, including attacks that involve the theft of client data and enable ongoing network access for the perpetrators.
“Ransomware attacks have proliferated due to, in part, increased use of technology and continued adoption of cryptocurrencies, which bad actors use to hide their identities when collecting ransom payments,” FINRA said in its notice, adding that the availability of attack services on the dark web has enabled attacks on a “much larger scale.”
Additionally, the targeting of smaller firms is growing more common.
“Bad actors using ransomware — including sophisticated cyber criminals, organized crime syndicates and state actors — have increasingly targeted small and mid-size firms,” it reported.
With the increased reliance on technology, some firms “have become more willing to pay ransoms to minimize downtime in operations, thereby increasing bad actors’ incentives,” the SRO added, but also warned that paying the ransom doesn’t always work.
“FINRA has observed instances where firms pay ransoms, but fraudsters failed to provide, or only provided a portion of, the promised recovery keys to decrypt and recover the firms’ files and data,” it said, adding that some firms that paid off their attackers have also faced follow-up attacks soon after the initial incident.
In its notice, the SRO provides guidance to firms on the adequacy of their cybersecurity programs in light of the increased threat, and reminds them of their obligations to immediately notify law enforcement of ransomware attacks.