Finance firms warned on rise of ransomware gangs in wake of Travelex attack

The recent cyber attack on foreign exchange provider Travelex demonstrates the growing threat of ransomware and serves as a stark warning that financial services firms need to step up their security. That’s according to a leading cyber expert. 

Tim Thurlings of bluedog Security Monitoring states that the company has detected a worrying increase in the number of ransomware attacks worldwide in recent months. He blames a combination of factors, including the ready availability of ransomware on The Dark Web alongside the uptake of cyber insurance, which effectively allows companies to cover the cost of ransom payments.

The Travelex case follows a recent ransomware attack on Maastricht University, which is believed to have paid several hundred thousand Euros to retrieve its data.

Thurlings commented: “Ransomware is now big business. Criminal gangs are blatantly targeting companies and negotiating fees. The cyber crime market has become more professional. Coders develop ransomware and sell it on The Dark Web, which covers their own tracks and allows others to take the risk. Attackers can buy advanced malware from as little as €500. It even comes with Help Desk support to ensure that victims can access bitcoins to pay the ransom demanded.”

Typically, malware enters a company’s IT network through vulnerabilities in the system or through phishing e-mails to staff. Once inside, it spreads through the system, activating only once the back-ups and many of the machines are infected. The company’s data is then encrypted and the business grinds to a halt.

“This is when the clock starts ticking,” continued Thurlings, “as now everything is costing money. Productivity is at a standstill and experts are called in to restore the network. The ransomware demand is usually well thought out and set at an amount which is lower than the cost of fixing the problem. The attackers know that businesses have to be back on their feet or possibly go bankrupt. They also know that big companies are insured against these types of attacks. With the insurance companies picking up the bill, the attackers have created a very attractive and profitable business model.”

While big companies tend to be targeted by professional crime gangs, smaller firms suffer more random attacks, but can actually be more at risk.

“Attacks on smaller firms are more like drive-by shootings,” suggested Thurlings. “The criminals may send out a million phishing e-mails knowing that a small number of people will click through. Small firms are unlikely to have the money to pay the ransom, hire experts to restore their system or have cyber insurance so there’s a bigger risk of them going out of business.”

While companies need to secure their networks and educate staff about cyber security, Thurlings believes that firms now need to take their security to the next level by using a professional 24-hour cyber security monitoring service.

“Measures such as firewalls and endpoint protection which firms have traditionally relied upon are no longer adequate as they can be breached too easily,” asserted Thurlings. “Companies need to be able to detect threats inside the network, whether that’s ransomware spreading through the system, an attacker logging into it from a remote location or a rogue employee downloading sensitive data. A cyber security monitoring service will help ensure that any problems are identified and contained as quickly as possible with minimal impact on the business.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
