Nearly two weeks on from the ransomware attack which crippled essential systems at Travelex, the foreign exchange firm continues to suffer huge disruption to its global business. The scale of ambition demonstrated by the attackers points to an evolution of the ransomware threat which could substantially increase the risk faced by large enterprises.
Reporting throughout 2019 suggested that organised criminal groups were conducting sophisticated research against potential targets for ransomware attack, specifically focused on financial resources. Threat actors appeared to be assessing what value ransom a particular target would be able to pay. This was a marked shift away from the indiscriminate ‘high volume/low value’ approach most commonly adopted for ransomware campaigns. In the hunt for return on investment, criminals appeared to be seeking out those targets which might yield the highest ransom.
This points to a significant increase in the sophistication of the ransomware threat to large enterprises in particular. In the case of Travelex, the ransom demand of USD 6 million represents a major escalation in the scale of demands. Not only that, the attackers appear to be using the possibility of regulatory fines as a further weapon, by threatening the release of confidential data. This is not a random attack by opportunistic thieves, but a carefully planned operation designed to extract maximum return for the attackers.
The insurance industry, which offers protection to businesses like Travelex, is already planning for this type of event. At CyberCube, we’re building the complex models that allow insurers and other organisations to examine what the effect of a catastrophic ransomware attack would be. In the case of Travelex, its problems have affected partner businesses like Sainsbury’s, Tesco and Virgin Money. A major systemic ransomware event would spread much more widely, potentially hobbling large swathes of the economy.
CyberCube clients have received a Cyber Event Response Report, exploring ransomware trends at a technical level. My colleague, Alejandro Sauter, Cyber Risk Analyst, wrote in the report: “The threat of ransomware has become significantly focused in the cybersecurity and cyber insurance worlds since the WannaCry attack in 2017. While ransomware has been around for much longer, key changes in the past few years have truly boosted its growth in use by cybercriminals, whose interest in using this type of malware primarily lies in the speed and ease of monetization.”