CM December 2023
THE CICM MAGAZINE FOR CONSUMER AND COMMERCIAL CREDIT PROFESSIONALS
INFORMATION SECURITY
Held to ransom
Ransomware is a growing concern. So what can you do about it?
AUTHOR – Andrew Northage
In a recent joint blog post, representatives from the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) explained their increasing concern about what happens behind the scenes when ransomware attacks go unreported.

The blog debunked a number of common myths relating to ransoms that invariably lead to trouble. Common misunderstandings included ‘if I cover up the attack, everything will be ok,’ ‘reporting to the authorities makes it more likely your incident will go public,’ and ‘paying a ransom makes the incident go away.’ In reality, the truth couldn’t be more distant.
The financial sector at risk
In July 2022, TechCrunch reported that a ‘ransomware attack on a debt collection firm is one of 2022’s biggest health data breaches.’ As the story outlined, a US-based professional finance company, which contracts with organisations to process customer and patient unpaid bills and outstanding balances, disclosed that month that it had been hit by ransomware the prior February.

TechCrunch noted that the company said in its data breach notice that more than 650 healthcare providers were affected by its ransomware attack, adding that the attackers took patient names, addresses, their outstanding balance and information relating to their account. It said that in some cases dates of birth, social security numbers and health insurance and medical treatment information were also taken by the attackers.

Overall, the U.S. Department of Health and Human Services reckoned that more than 1.91m patients were affected by the cyberattack.

And a year later, to the day, Comparitech published research that detailed that since 2018, ransomware attacks on the finance sector have cost the world economy $32.3bn in downtime alone. It stated that from 2018 to June 2023, 225 financial organisations had been hit by a ransomware attack. It added that ransom demands varied from $180,000 to $40m but on average, hackers demanded $6.9m; and that downtime varied from one day to 52 days, but the average downtime from attacks varied from 10 days to 14 days.

If it’s scant relief, 2021 was the worst year for attacks on financial services organisations with 86 attacks. However, in 2022 there were still 39 attacks and to June 2023, 24 thus far.

The regulations provide for the imposition of asset freezing and travel bans on persons involved in relevant cyberactivity. Other UK sanctions, known as sectoral sanctions, can restrict and prohibit certain activities, such as the transfer of funds to or from other jurisdictions.
One of the biggest, albeit unconfirmed, ransom demands was the $20m demanded of Bank Syariah Indonesia (BSI) in May 2023. BSI was targeted by LockBit, who demanded $20m in ransom. The bank refused to pay and LockBit has since leaked 1.5TB of data which is alleged to include the personal and financial information of 15m customers.
And then there was UK-based insurance company One Call, which was hit by a £15m ransom demand from DarkSide in May 2021. No confirmation was given as to whether the company paid the ransom, but it did take around 12 days for systems to be restored. With ransomware attacks on the rise within the financial sector, what are the risks and how should financial services organisations respond?
The risks outlined

Ransomware is malicious software – also known as malware – which prevents a victim from accessing their devices and data. Ransomware usually involves encryption of a victim’s files and extortion of a ransom payment in return for a decryption key to release the seized data. Ransomware attacks can involve exfiltration of a victim’s sensitive data, the threat of leaking information and contacting the victim’s customers, associates or employees. Ransomware can also be used to manipulate victims into complying with demands for other criminal purposes, or to advance personal or political agendas. Ransomware therefore represents risks to individuals, to businesses, and even to national security.
The UK Government doesn’t condone the making of ransomware payments – because there’s no guarantee payment will result in release in any event; and, perhaps even more crucially, because such payments perpetuate the threat. Under current English law it’s not illegal to pay a ransom per se. However, making a payment in response to a ransomware attack can expose the victim and any
Brave | Curious | Resilient / www.cicm.com / December 2023 / PAGE 20