Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Banking Awards
    • Banking Innovation Awards
    • Digital Banking Awards
    • Finance Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    • Financial Awards
    • Private Banking Awards
    • Private Banking Innovation Awards
    • Retail Banking Awards
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Technology
    3. >Financial Services Should Be Preparing For An Explosion in Ransomware
    Technology

    Financial Services Should Be Preparing for an Explosion in Ransomware

    Published by Wanda Rich

    Posted on February 25, 2022

    6 min read

    Last updated: February 8, 2026

    Add as preferred source on Google
    An image depicting a Chief Information Security Officer (CISO) assessing security measures against rising ransomware threats in the financial services sector, highlighting the urgency for enhanced cybersecurity strategies.
    CISO analyzing cybersecurity threats in financial services - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Global Banking & Finance Awards 2026 — Now Open for Entries
    Tags:cybersecurityfinancial servicesrisk managementinvestmenttechnology
    Global Banking & Finance Awards 2026 — Call for Entries

    By Ian Jennings, CEO – Technical & Operations at BlueFort Security

    2022 is shaping up to be a tough year for chief information security officers (CISOs) at UK financial services firms. User and device sprawl brought on by changing working practises during the pandemic is still very much an issue for security teams, made more challenging still with a return to office working. Many firms are yet to establish exactly what their long-term hybrid working culture will look like and CISOs are facing the herculean task of mitigating cybersecurity risks in an increasingly complex IT environment. If circumstances were not challenging enough for CISOs leading the charge in financial services, the prospect of what can only be described as a ‘cyberwar’ over Ukraine is significantly elevating threat levels in the industry.

    Indeed, a joint advisory published by cybersecurity authorities in the United States, United Kingdom and Australia recently warned of an “increase in sophisticated, high-impact ransomware incidents” and encouraged business leadership teams to take steps to increase resilience to attacks. The joint advisory states that the UK’s National Cyber Security Centre (NCSC) recognises ransomware as the biggest cyber threat facing the United Kingdom.

    The UK’s financial regulator has also officially warned large banks and other financial services organisations with operations in the UK over the heightened risk of Russian-sponsored cyber-attacks. The Financial Conduct Authority (FCA) warned financial services was a potential target for retaliatory attacks should an invasion of Ukraine lead to sanctions being placed on Russian organisations. The European Central Bank issued a similar warning in the face of “the potential worsening of global tensions”.

    Assessing the ransomware threat to UK financial services

    The ‘technical details’ section in the joint US, UK and Australian advisory statement – “2021 Trends Show Increased Globalised Threat of Ransomware” – describes specific behaviours and trends the combined cybersecurity authorities observed among cyber criminals in 2021. Any CISO operating in the financial services sector should be carefully considering these observations to identify how mature their organisation is in mitigating these threats and where there may be gaps in their security posture.

    Top of the list – and likely of no surprise to any CISO – are the most frequently observed attack vectors for ransomware incidents: phishing emails, stolen Remote Desktop Protocol (RDP) credentials, brute force attacks and vulnerability exploitation. The statement also points out that continued hybrid working practises and an expanded attack surface mean these attack vectors are likely to remain popular with threat actors. With location still a fluid notion in many organisations, CISOs should focus on compiling an in depth and ongoing view of their IT estate. For security controls to be applied effectively across an organisation, assets must first be identified and located. At the same time, employee awareness and education is critical. The threat of cyber-attack should be front of mind for every employee across the organisation

    This statement also highlights the now well-established services nature of cybercrime. Ransomware as a service (RaaS) is a revenue share business model that recruits affiliates to distribute ransomware variants. With RaaS providers offering end-to-end support services to their clients, criminals with minimal technical abilities can launch their own sophisticated cyber-attacks. The NCSC points out that it has observed some ransomware threat actors offering a “24/7 help centre to expedite ransom payment”. While RaaS lowers the barrier of entry for cybercriminals looking to carry out ransomware attacks, the complexity and severity of the threat remains the same. For example, despite paying a $2.3 million ransom, when foreign exchange services provider, Travelex, fell victim to the RaaS group known as REvil in late 2019, the ultimate result was corporate fatality. The company cited the attack as a key factor in its administration announcement.

    Preparations for Big Game Hunting

    Authorities in all three countries cited Big Game Hunting as a key factor in the ransomware threat landscape. Big Game Hunting refers to attackers targeting organisations with sophisticated, bespoke attacks designed for maximum impact. Attackers choose their victim carefully, often targeting larger organisations where the potential for financial return is much greater. Attackers spend time selecting and studying their target before conducting any form of attack.

    While the United States, which has experienced some of the most high-profile Big Game attacks in recent years, such as the Colonial Pipeline attack, suggested threat actors are increasingly redirecting efforts to mid-sized companies, the NCSC observed attacks targeting organisations of every size – including Big Game victims.

    CISOs in financial services need to prepare their organisations for these sophisticated attacks, which are likely to increase significantly in the event of escalating geopolitical tension. Leaders must review the tools and processes their organisation has in place, ensuring they have a comprehensive security strategy from the ground up. The organisation’s cyber defence strategy should encompass the assets and data that need to be protected, the specific threats to those assets and the security tools and processes needed to deal with these threats.

    The tactics, techniques, and procedures (TTPs) employed in Big Game attacks are those typically associated with attacks targeting complex environments – from reconnaissance and initial access through to privilege escalation and lateral movement. Attackers may be present in an organisation’s network for months before deploying a payload. The attacker will likely have visibility into their victim’s backup and disaster recovery capabilities, making this form of attack extremely difficult to defend against.

    Start with the basics

    Getting the basics right first might seem obvious, but often this is both the most effective and overlooked aspect of an organisation’s defence strategy. In the days following the Colonial Pipeline attack, it emerged that the company had not implemented organisation-wide multi-factor authentication (MFA). One compromised password was used to gain access to the organisation, which had appeared in a list of leaked credentials published on the Dark Web. Had the organisation taken the basic step of ensuring MFA was in place, the attackers would likely have been unsuccessful.

    And while MFA offers a last line of defence, it is still crucial that passwords are updated regularly. A recent study found less than half of users change their passwords after a breach – for those organisations that haven’t yet found themselves in the cross hairs of cyber criminals, the figures will undoubtedly paint a more worrying picture still.

    The ability for cyber criminals to monetise attacks means it’s virtually certain ransomware will be the attack method of choice if retaliatory cyber-attacks increase in the coming months. Ransomware attacks have generated almost $1.3 billion in cryptocurrency payments over the last two years, with average payment sizes increasing significantly due to Big Game Hunting. However, ransom payments represent only a small proportion of the wider financial, reputational, and technologically damage a successful attack can result in. The message for the industry is clear – and is being shouted from the rooftops at the highest levels of government. Prepare and protect before it’s too late.

    Frequently Asked Questions about Financial Services Should Be Preparing For An Explosion in Ransomware

    1What is ransomware?

    Ransomware is a type of malicious software that encrypts a victim's files, making them inaccessible until a ransom is paid to the attacker.

    2What is a CISO?

    A Chief Information Security Officer (CISO) is an executive responsible for an organization's information and data security strategy.

    3What is phishing?

    Phishing is a cyber attack that attempts to trick individuals into providing sensitive information by masquerading as a trustworthy entity in electronic communications.

    4What is multi-factor authentication (MFA)?

    Multi-factor authentication (MFA) is a security measure that requires two or more verification methods to gain access to a system or account.

    5What is a cyber threat?

    A cyber threat is a potential malicious attack that seeks to damage or disrupt computer systems, networks, or devices.

    More from Technology

    Explore more articles in the Technology category

    Image for When Is a Dedicated Server the Right Choice for Your Business?
    When Is a Dedicated Server the Right Choice for Your Business?
    Image for Enter Now for Best IT/Technology Recruitment Agency 2026
    Enter Now for Best IT/Technology Recruitment Agency 2026
    Image for The Rise of Intelligent Automation: How Technology Is Redefining Work and Efficiency
    The Rise of Intelligent Automation: How Technology Is Redefining Work and Efficiency
    Image for How Automation Technologies Are Transforming Everyday Business Operations
    How Automation Technologies Are Transforming Everyday Business Operations
    Image for Asprofin Bank Announces Financing Initiative for Modular ‘Nanocenter’ Data Infrastructure
    Asprofin Bank Announces Financing Initiative for Modular ‘Nanocenter’ Data Infrastructure
    Image for Basel IV vs. The AI Bots: Why the Banking Rulebook Must Evolve in the Age of Algorithmic Herding
    Basel Iv Vs. The AI Bots: Why the Banking Rulebook Must Evolve in the Age of Algorithmic Herding
    Image for NordQuant Deploys Distributed Systems to Enhance Enterprise Digital Capabilities Introduction
    NordQuant Deploys Distributed Systems to Enhance Enterprise Digital Capabilities Introduction
    Image for Calling Entries for Data Center Deal of the Year 2026
    Calling Entries for Data Center Deal of the Year 2026
    Image for Nominations Now Open for Best Website Design Company 2026
    Nominations Now Open for Best Website Design Company 2026
    Image for Call for Entries: Best Digital Innovation Company (Non-Financial / Cross-Industry) 2026
    Call for Entries: Best Digital Innovation Company (Non-Financial / Cross-Industry) 2026
    Image for Nominations Open for Best Digital Content Service Provider 2026
    Nominations Open for Best Digital Content Service Provider 2026
    Image for Why Frontend Performance Matters for DMARC and Email Analytics Platforms
    Why Frontend Performance Matters for Dmarc and Email Analytics Platforms
    View All Technology Posts
    Previous Technology PostThe Role of Cloud in the Datacentre Revolution
    Next Technology PostBringing a Comprehensive Approach to Cybersecurity