How Ransomware Impacts the Financial Services and Wealth Management Industry

April 24, 2022by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing

The shift to hybrid work forced the financial services industry to implement widespread digital transformation efforts. While this makes it possible for firms to have a more location-agnostic workforce, it makes them more reliant on technology to get things done. It also makes it harder to guard against cybercrime.

The nature of financial services also exacerbates cybersecurity vulnerabilities. As more information is being sent, shared and archived digitally, there’s a greater volume of sensitive data to steal. Firms can expect their data — including their clients’ personal identifiable information, value of assets managed, business strategies, etc. — to be constantly under threat and vulnerable to ransomware attacks.

What is ransomware and how does it work

Ransomware is a specific kind of malware, which is a malicious computer program that hackers use to get access to sensitive data, encrypt it, and sometimes withdraw it.

Often, ransomware attackers demand cryptocurrency in exchange for (supposedly) providing the key to decrypt the data and make it usable again. They may also make guarantees not to expose the data publicly.

Ransomware is becoming more common and more sophisticated, and there seems to be no end in sight. No industry is safe. Attacks today have targeted giant auto suppliers, pharmaceutical companies, healthcare organizations, school districts, and countless more. Attacks have gone from blockage to encryption to quadruple extortion. The ransomware danger is growing, and anyone may become a victim.

Why financial services are ransomware targets

With financial services firms being a treasure trove of sensitive and personal information, ransomware is a severe and constant threat. For example, wealth management advisors have data that is particularly appealing to ransomware attackers:

  • Personally identifiable information (PII)

  • Financial information of clients

  • Trading models and business plans

  • Portfolio holdings

Not to mention, trillions of dollars in assets under management by financial advisors.

Should they be successful in acquiring sensitive data, hackers know those in the financial services industry have a strong incentive (and the funds) to pay the ransoms they demand, which is why this type of attack has become so common in the industry.


Ransomware by the numbers

Companies worldwide feel the impact of ransomware's emergence, but few have been hit harder than financial service providers and wealth managers.

  • In a recent survey, 34% of the financial services organizations surveyed were hit by ransomware in 2020, and 51% of the organizations impacted said the attackers succeeded in encrypting their data

  • Ransomware assaults have surged by over 150% in 2020, resulting in a succession of high-profile attacks against government institutions, key infrastructure, and private organizations

  • The average ransomware payment by victims has increased by 290% since 2019

  • The average cost of recovering from a ransomware assault in the financial services industry in 2021 was $2.1 million, more than $250,000 more than the global average

  • A quarter (25%) of financial services organizations whose data was encrypted paid the ransom to get their data back

Increasingly creative attacks

Double extortion has been a frequent method by ransomware hackers, especially when dealing with larger targets. This approach has a "two-for-one" effect:

  1. Encrypt files and demand a ransom payment in exchange for their decryption.
  2. Threaten to disclose or auction sensitive information obtained from the attack.

This method negates the effectiveness of backups (even if you restore your files, your data will be exposed).

Criminals have also used a "drip" method — leaking small amounts of data regularly to demonstrate that the data has been exfiltrated — and that the target will suffer further exposure unless the ransom is paid.

The need for a concerted response is becoming more urgent. Ransomware is becoming an increasingly global problem. As a result of recent attacks, pipelines, food producers, hospitals, schools, and governments have all been impeded.

Reduce ransomware risk

There are several anti-ransomware measures that financial services firms can use to lower their specific risks.


Preventing ransomware attacks is the first and most effective form of defense. Your preventative plan should be comprehensive, focusing on both tools and people. It's vital to cultivate a security-first culture and provide continual training to keep personnel alert and reduce human error.

As ransomware assaults become more sophisticated, phishing emails and other forms of social engineering are becoming more difficult to detect. Advanced tools that automate your cybersecurity monitoring can provide a holistic view of cyber risk across devices, networks, users and vendors to prevent an attack.

Swift detection and response

Financial institutions should implement technologies that provide comprehensive visibility into their networks to detect and mitigate cyber risk. It's also critical to respond quickly. Compliance and security teams must be able to assess true threats and manage incident response workflows to limit the harm. The goal is to reduce or prevent key financial services from being disrupted and any sensitive data from being compromised.

Develop operational resilience

Design and safeguard your network so that you can continue to provide critical financial services to clients even after a disruptive ransomware assault. Although achieving resilience is more difficult than recovering from ransomware, striving for resilience is vital given the nature of financial services.

Backup strategy

A good backup strategy is always useful if your firm is targeted by encryption-only ransomware or double extortion ransomware. Even if sensitive data is first exfiltrated before systems are secured, backups can help prevent downtime for essential customer-facing services. A disaster recovery plan that can restore affected systems or assets to a working state adds to a backup strategy.

Implement a cybersecurity solution

While many financial firms have internal IT departments that administers cybersecurity measures, its important to realize how quickly cybercrime tactics and strategies evolve. That’s why many firms use a cybersecurity solution to manage cyber risks.

An effective cybersecurity solution can:

  • Ensure all endpoint controls are in place, including providing all devices with anti-ransomware protection that’s enabled 24/7

  • Identify data exfiltration from a device or installation of Remote Access Terminal (RAT capability)

  • Ensure devices are updated with the latest system patches and updates

  • Provide security and cyber risk visibility across the entire organization from a single pane of glass, even in distributed environments

  • Ensure only authenticated users and secured devices have access to any cloud hosted sensitive information

Cybercrime is becoming more sophisticated. Don’t fall behind.

Financial institution ransomware strikes aren't going away anytime soon. Criminal hacking groups will continue to target financial services providers worldwide. However, by investing in a proper ransomware mitigation strategy, threats can be minimized and drastically reduced.

We specialize in mitigating cybersecurity risk instantaneously with built-in remediation applications. Visit or contact us to learn more.

Share this post!

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Contact Us

Tell us about yourself, and we’ll be in touch right away.