Ransomware is a worldwide phenomenon, with some of the most dangerous malefactors coming from regions like Russia. Unsurprisingly, many cybercriminals target U.S. victims.
Data from Trustwave SpiderLabs found that the percentage of reported ransomware attacks involving U.S. organizations increased from 51% last year to 65% in 2024. Brazil and Canada followed as the second and third most affected countries.
These attacks continue to target the financial services industry, with banks being particularly vulnerable. The banking sector accounts for a fifth of all ransomware attacks in the U.S., while credit unions contribute an additional 8%. In December, more than 60 credit unions nationwide were hit by a ransomware attack, and earlier this year, a cyberattack shut down California’s Patelco Credit Union for weeks.
According to Trustwave SpiderLabs’ report, Defending Financial Services in 2024, Russia-based AlphV (also known as BlackCat) and LockBit are the predominant groups operating in this space. LockBit is responsible for about a quarter of all attacks this year, while AlphV’s share has increased from 10% of attacks in 2023 to 24%.
There are reasons to believe that the increasing exposure of these ransomware groups may help hasten their demise. AlphV was responsible for the most notorious ransomware attack of the year, forcing payments processor Change Healthcare to pay an estimated $22 million ransom.
After squabbling over the ransom money, the ransomware gang was further unsettled by the public disclosure of their attack in the press. Some reports have even suggested that AlphV was shutting down completely, although this doesn’t appear to be the case.
Finance As a Target
The reasons why both U.S. organizations and lending organizations are prime targets for these attacks are clear. Financial institutions handle vast amounts of sensitive data and orchestrate large monetary transactions, making them attractive to criminals looking to disrupt operations and extract large ransoms.
“To mitigate rising threats from cybercriminals, financial institutions must enforce stringent access controls, implement continuous monitoring, and enhance employee vetting processes,” said Karl Sigler, Security Research Manager at Trustwave SpiderLabs. “Institutions should also implement layered security measures, including advanced email filtering and dark web monitoring, to better detect and respond to potential threats in real time.”
Yet too often, the targets make it easy for these attacks to occur. In the case of Change Healthcare, its parent company, UnitedHealth, later admitted that it wasn’t using multifactor authentication to secure its most critical systems.