Can a fintech company survive a ransomware attack without paying the ransom?

Ransomware attacks have become increasingly common in recent years, affecting companies and organizations of all sizes and across many industries. These cyberattacks involve malware that encrypts an organization’s data and systems, essentially locking them out of their own networks and systems. The attackers demand a ransom payment in cryptocurrency in exchange for the decryption key to restore access. Many organizations feel they have no choice but to pay the ransom, often amounting to millions of dollars, in order to resume business operations. However, there are sometimes alternatives to paying the ransom, especially for companies that have invested in robust cybersecurity and data backup systems. This article explores whether fintech companies, which operate in the financial technology sector and handle highly sensitive customer data, can survive a ransomware attack without giving in to ransom demands.

What is fintech?

Fintech refers to companies that leverage technology and innovation to improve and automate financial services delivery. Fintech has disrupted traditional banking and financial services, with these tech-focused firms offering digital solutions across payments, investing, lending, blockchain, cryptocurrency, insurtech, and more. Leading fintech companies include well-known brands like PayPal, Square, Robinhood, and Stripe. Other examples are online lenders such as SoFi and Affirm that provide loans using non-traditional underwriting data and automated processes. As fintech has grown enormously in recent years, with global investment in the sector exceeding $138 billion in 2021 alone, it has increasingly become a target for cybercriminals.

Why are fintech companies prime targets for ransomware?

There are several key reasons why fintechs make attractive targets:

– Fintechs possess highly valuable and sensitive customer financial data – information like bank account and routing numbers, Social Security numbers, driver’s license info, credit card numbers, and more. Access to such data means major potential profits for attackers.

– Disruption of fintech systems can cause severe impacts on customer finances and ability to access funds. The pressure to restore services quickly motivates high ransom payments.

– Fintech brands are consumer-facing, so publicity around a cyberattack can seriously damage their reputation and customer trust. Many choose to pay the ransom to resume services before customers defect.

– As innovators handling money, fintechs cannot afford extended downtime. Prolonged outages preventing transactions will quickly sink revenue and profits.

– Fintechs aiming for rapid growth and new markets often prioritize innovation over security, leaving them more vulnerable. Their tech-dependent nature can also increase attack surfaces.

– Fintechs often lack resources of major banks, making them easier targets. Smaller fintechs with less mature security controls in place are especially exposed.

Recent examples of fintech ransomware attacks

Some notable recent cases of ransomware attacks against fintech firms include:

– In 2021 digital bank Aptoide was hit with a ransomware attack where the Conti gang encrypted its internal files and posted stolen customer data when their ransom demands were not met.

– Fintech lender CashCall had 700 gigabytes of data stolen in a 2020 attack, exposing loan applicant information. After the company refused the ransom, the dumped data was used for extortion attempts against its customers.

– BlockFi, a financial services company for cryptocurrency users, was breached by Ragnar Locker ransomware last year. The hackers claimed to have stolen Know Your Customer (KYC) data and threatened to leak it.

– Attackers hit foreign exchange company Travelex early in 2020, bringing down their services globally for weeks. Travelex reportedly paid a $2.3 million ransom to restore systems.

– In 2019 ransomware crippled U.S. fintech firm iPayTotal, halting payments processing. The company paid the demanded ransom of over $100,000 in Bitcoin.

The trend of ransomware attacks against financial technology companies only looks to continue as the sector expands and cybercriminals seek lucrative targets. But for fintechs, there may be alternatives to paying ransoms that allow surviving these cyber incidents.

Surviving Ransomware Without Paying

Although many ransomware victims feel pressured to give in to ransom demands, there are often other options that don’t involve paying ransoms to criminal groups. While recovering from an attack without paying is challenging, for some fintech firms it may be the preferred path forward that avoids funding future crimes. Here are some key steps fintech companies can take to survive and remediate a ransomware attack without paying ransoms:

Have Offline, Air-Gapped Backups Available

The most critical measure is having complete, up-to-date backups of all data and systems that are stored offline and not connected to the network. This air-gapped backup acts as an insurance policy if ransomware encrypts primary systems. Fintechs should regularly back up customer data, account information, transaction records, databases, software, and all other essential assets and store copies offline and off-site to ensure the business can be restored independently of the impacted network.

Detect and Contain Quickly

It is crucial to detect a ransomware attack early, before it spreads widely across the network and reaches backups. Advanced endpoint detection, firewalls, email security, and monitoring tools help fintechs spot the initial intrusion and malware deployment quickly so that affected systems can be isolated and further damage prevented. Having an incident response plan in place allows rapid containment.
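The kind of early-warning logic the paragraph describes, as an added example that is not from the original article: it scans constructed file-activity events (the format, the `.lockd` extension and the process ids are all invented here) for a process that renames many files to an unknown extension within a short window, which is the signature of an encryptor at work, and distinguishes it from ordinary log rotation.

```python
import re
from collections import defaultdict

# Constructed file-activity events: "<seconds> <pid> <action> <path>[ -> <newpath>]".
# Invented for this example; a real feed would come from an EDR or file-audit agent.
SAMPLE_EVENTS = """\
12 4411 WRITE /home/ops/report.docx
13 4411 RENAME /home/ops/report.docx -> /home/ops/report.docx.lockd
13 4411 RENAME /home/ops/ledger.xlsx -> /home/ops/ledger.xlsx.lockd
14 4411 WRITE /home/ops/README_RECOVER.txt
14 4411 RENAME /home/ops/q3.pdf -> /home/ops/q3.pdf.lockd
15 4411 RENAME /home/ops/cust.csv -> /home/ops/cust.csv.lockd
20 2210 WRITE /var/log/app.log
21 2210 RENAME /var/log/app.log -> /var/log/app.log.1
"""

EVENT_RE = re.compile(r"^(\d+) (\d+) (WRITE|RENAME) (\S+)(?: -> (\S+))?$")
NOTE_RE = re.compile(r"(recover|decrypt|restore|readme).*\.(txt|html?)$", re.I)
KNOWN_EXTS = {"docx", "xlsx", "pdf", "csv", "txt", "log", "1", "gz", "bak"}

def parse_events(text):
    """Parse lines into (time, pid, action, src, dst) tuples; dst is None for writes."""
    matches = (EVENT_RE.match(line) for line in text.splitlines())
    return [(int(m[1]), int(m[2]), m[3], m[4], m[5]) for m in matches if m]

def _ext(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def detect_mass_rename(events, window=10, threshold=4):
    """Flag pids that rename >= threshold files to unknown extensions within `window` seconds."""
    rename_times, notes = defaultdict(list), defaultdict(int)
    for t, pid, action, src, dst in events:
        if action == "RENAME" and dst and _ext(dst) not in KNOWN_EXTS:
            rename_times[pid].append(t)
        elif action == "WRITE" and NOTE_RE.search(src.rsplit("/", 1)[-1]):
            notes[pid] += 1  # ransom-note-like filename raises confidence
    alerts = {}
    for pid, times in rename_times.items():
        times.sort()
        peak, j = 0, 0
        for i, t in enumerate(times):  # sliding window over sorted timestamps
            while times[j] < t - window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak >= threshold:  # log rotation (app.log -> app.log.1) never reaches this
            alerts[pid] = {"renames_in_window": peak, "ransom_notes": notes[pid]}
    return alerts
```

An alert on a pid is the trigger for the containment step the text describes: isolate the host from the network and preserve evidence before restoring from backup.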

Leverage Cyber Insurance

Cyber insurance policies may cover some costs tied to ransomware attacks like incident response and restoration expenses. Fintechs should evaluate getting coverage scaled appropriately to their level of cyber risk and make sure policies cover ransomware scenarios. Just having insurance shouldn’t replace good security practices though.

Notify Customers and Stakeholders

Being transparent about an attack affecting customers and keeping them updated on response efforts can maintain trust and prevent misinformation. Having clear internal and external communication plans helps manage fallout.

Engage Expert Assistance

IT teams may require help from cybersecurity firms experienced in ransomware response and remediation to fully restore encrypted systems using backups. Computer forensics specialists can also analyze the attack to determine the malware variants and tactics used.

Enhance Security Posture

A full review of security defenses, policies, technologies, and staff training should follow a ransomware incident to identify and fix gaps that allowed the attack to happen. This prevents repeat compromises and makes fintech infrastructure more resilient overall.

Challenges of Refusing Ransoms

While fintech companies have options to recover without paying ransoms, there are still significant challenges involved:

Business Disruption

Without quick access to decryption keys, it may take considerable time to fully restore encrypted systems from backups and get services back online. Days or weeks of transaction delays and service outages can harm revenue and customer retention.

Stolen Data Exposure

If negotiations break down and ransoms aren’t paid, attackers often follow through on threats to leak or auction off stolen data. Recovering this data or trying to have it removed from the Internet becomes very difficult.

Reputation Damage

Despite best efforts to communicate with transparency, some customers will lose trust in fintech brands hit by cyberattacks if they experience prolonged account access issues or have information compromised.

Restoration Expenses

Having to fully rebuild systems using backups and enhanced security protections represents major unplanned costs that most cyber insurance policies won’t completely cover.

Incident Investigation

Thorough investigations into how attackers gained access and deployed ransomware take time and tie up IT resources. But learning these lessons is critical for enhancing defenses.

Legal Liabilities

Lawsuits related to data breaches or failure to protect customer information are potential legal risks, especially if personal data gets leaked publicly after ransomware encrypts a fintech’s systems.

Key Factors in Ransomware Response

While each ransomware incident is unique, there are some key factors fintech firms should assess to determine the best course of action following an attack:

Damage Assessment

The extent of encryption and data theft across networks and backups impacts options. More limited breaches focused on certain systems may be fixable without ransom payments. Widespread compromise across backups leaves little alternative.

Time Sensitivity

The urgency around restoring customer access to accounts and transactions may force tough choices if backups and system rebuilding cannot remediate quickly enough to meet business needs or customer expectations.

Data Sensitivity

If highly sensitive personal customer data is compromised rather than just encrypted, the risks associated with refusing ransoms are amplified due to potential leaks.

Overall Resiliency

How resilient the fintech firm is overall, based on financial resources, cyber insurance coverage, security posture maturity, and technical capabilities, plays into its recovery capacity and tolerance for disruption.

Ransom Amount

If the ransom demand is small relative to the estimated costs of rebuilding systems, paying may be cheaper than refusing, depending on other factors. But exorbitant multi-million dollar ransom requests change the equation.

Ethical Stance

Some fintechs may choose not to pay ransoms on principle to avoid funding criminal entities and encouraging further cybercrime. But this ethical stance comes with greater costs and risks.

Factor             | Pay Ransom                                     | Refuse Ransom
-------------------|------------------------------------------------|-----------------------------------------------
Damage Assessment  | Systems and backups widely encrypted           | Limited encryption focused on certain systems
Time Sensitivity   | Immediate restoration needed                   | Extended downtime tolerable
Data Sensitivity   | Highly sensitive personal customer data stolen | Mostly business data encrypted
Overall Resiliency | Limited resources and cyber insurance          | Strong security posture and ample resources
Ransom Amount      | Small relative to recovery costs               | Excessively large, multi-million dollar demand
Ethical Stance     | Willingness to pay criminals                   | Refusal to fund ransomware ecosystem

This comparison table summarizes how different considerations can make paying ransoms or refusing to engage attackers the more viable option for recovering from a ransomware incident. Fintechs should weigh all these elements carefully when responding.

Are Some Fintechs More Vulnerable?

Within the financial technology sector, some subsets of fintech firms may face higher likelihood of ransomware attacks and greater challenges recovering without paying ransoms. More vulnerable categories include:

Small Fintechs

Small startups with limited staff, resources, and funding tend to invest less in security. Their nascent backup processes and lack of response experience also hinder ransom-free recovery.

Rapidly Scaling Fintechs

Fast-growth fintechs focused on expansion over security often provide the weak points attackers take advantage of. Their complex networks also make restoring from backups harder.

Distributed Ledger Fintechs

Blockchain-based fintechs have unique ransomware vulnerabilities tied to their reliance on consensus mechanisms. If enough nodes are compromised, entire ledgers could require rebuilding.

Third-Party Fintech Vendors

Fintechs providing white-label banking, payments, or lending services to larger brands multiply targets for large-scale attacks that could impact many downstream firms at once.

Fintechs with Weak Security Cultures

Proactive cybersecurity requires buy-in across organizations. Fintechs where security lacks executive support or takes a backseat to speed and innovation put themselves at higher risk.

However, larger fintechs also cannot become complacent. Their valuable data, brand reputation, and role in the broader finance industry still make them prime targets if security controls lag. Ultimately, financial technology companies of all types and sizes must prioritize cyber resilience and ransomware readiness while still enabling business agility and delivering innovative products and services.

Fintech Cybersecurity Best Practices

For fintech companies to effectively prevent, defend against, detect, and recover from ransomware without having to make ransom payments, their cybersecurity programs should focus on these key best practices:

Robust Multifactor Authentication

Requiring strong authentication across all access points, including VPNs, makes it far harder for attackers to gain initial entry and move laterally.

Endpoint and Email Security

Advanced malware protection on user devices and securing email as an attack vector limits ransomware deployment opportunities.

Network Segmentation

Properly segmenting networks, with strict access controls between segments, limits the spread of ransomware once attackers are inside.

Vulnerability and Patch Management

Actively scanning for software flaws and rapidly patching keeps attack surfaces reduced rather than leaving easy exploitation points.

Backups and Disaster Recovery

Complete backup processes with versioning enable restoring data to a pre-breach state. Storing copies offline and offsite provides redundancy.
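The restore decision that the air-gapped backup section and this one describe, as an added example that is not from the original article: given a constructed catalog of versioned snapshots (the snapshot ids, file names, `.lockd` extension and timestamps are all invented here), pick the newest copy taken before encryption began that still passes an integrity check and contains no encryptor output, so that the restore lands on a pre-breach state rather than on a damaged or already-encrypted copy.

```python
import hashlib
from datetime import datetime

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def make_snapshot(sid, taken_at, files, corrupt=None):
    """Constructed snapshot: manifest hashes come from the original files; `corrupt`
    swaps one stored blob afterwards to simulate a damaged or tampered copy."""
    blobs = dict(files)
    if corrupt:
        blobs[corrupt[0]] = corrupt[1]
    return {"id": sid, "taken_at": datetime.fromisoformat(taken_at),
            "manifest": {p: sha256_hex(b) for p, b in files.items()}, "blobs": blobs}

def verify_snapshot(snap):
    """True only if every manifest entry has a stored blob whose hash still matches."""
    return all(p in snap["blobs"] and sha256_hex(snap["blobs"][p]) == h
               for p, h in snap["manifest"].items())

def looks_encrypted(snap, known_exts=("db", "csv", "txt")):
    """Files with unexpected extensions suggest the snapshot captured encryptor output."""
    return any(p.rsplit(".", 1)[-1] not in known_exts for p in snap["manifest"])

def select_restore_point(snapshots, breach_time=None):
    """Newest snapshot taken before breach_time (None = unknown) that verifies and
    contains no encrypted-looking files; returns its id or None."""
    for snap in sorted(snapshots, key=lambda s: s["taken_at"], reverse=True):
        if breach_time is not None and snap["taken_at"] >= breach_time:
            continue  # taken after encryption started, cannot be trusted
        if verify_snapshot(snap) and not looks_encrypted(snap):
            return snap["id"]
    return None

# Constructed catalog: S1 clean, S2 clean but damaged in storage, S3 taken after encryption.
CLEAN_V1 = {"ledger.db": b"ledger-v1", "customers.csv": b"id,name\n1,Ann\n"}
CLEAN_V2 = {"ledger.db": b"ledger-v2", "customers.csv": b"id,name\n1,Ann\n2,Bob\n"}
ENCRYPTED = {"ledger.db.lockd": b"\x9f\x02\x77", "customers.csv.lockd": b"\x11\xa0", "RECOVER.txt": b"note"}
SNAPSHOTS = [
    make_snapshot("S1", "2024-03-01T02:00:00+00:00", CLEAN_V1),
    make_snapshot("S2", "2024-03-02T02:00:00+00:00", CLEAN_V2, corrupt=("ledger.db", b"ledger-v2X")),
    make_snapshot("S3", "2024-03-03T02:00:00+00:00", ENCRYPTED),
]
BREACH_TIME = datetime.fromisoformat("2024-03-02T18:30:00+00:00")

if __name__ == "__main__":
    print(select_restore_point(SNAPSHOTS, BREACH_TIME))  # S1: S3 is post-breach, S2 fails integrity
```

The point of the damaged S2 copy is that the most recent pre-breach snapshot is only usable if its integrity was verified, which is why regular restore tests belong in the backup process.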

Incident Response Planning

Having an IR plan with ransomware scenarios included allows rapid, coordinated containment and remediation to avoid paying ransoms.

Cybersecurity Awareness Training

Educating all staff on threats and best practices makes them a “human firewall” against phishing and social engineering designed to deploy ransomware internally.

Penetration Testing

Proactively simulating cyberattacks helps fintechs assess and improve defenses based on exploitability findings before real adversaries can leverage the same vulnerabilities.

Conclusion

Ransomware remains a severe threat to financial technology companies given the high-value data they possess and their need for transaction availability. While many ransomware victims feel compelled to pay large ransoms, fintech firms can potentially survive these attacks without funding criminal groups by leveraging backups, disaster recovery, cyber insurance, and a mature cybersecurity program. However, refusing ransoms comes with greater costs and risks related to business disruption, data leaks, recovery expenses, reputational damage, and legal liabilities. Each incident requires assessing these complex trade-offs. Ultimately, fintechs must take ransomware resilience seriously and implement best practices around backups, incident response, and holistic cyber defense based on their unique risk profile. With advanced preparation, quick detection and containment, plus assistance from digital forensics experts as needed, fintech companies can potentially navigate ransomware attacks without giving in to ransom demands while still maintaining customer trust and financial health.