In our most recent Financial Services Threat Brief, we provide insights into the latest cyber threat landscape, including emerging threat actors and risks. It’s not surprising that cyber-attacks in the financial sector are a growing global threat, but one type of cyber-attack is more successful than others: ransomware.

Ransomware attacks have continued to increase year over year, and there is little indication that this will change. For example, a cyber-attack on CNA Financial caused a network disruption that lasted from March 21 to May 12, and the company paid the $40 million ransom demand.


According to the Ponemon Institute, ransom payments typically account for less than 20% of the total cost of a ransomware attack. Their research shows organizations suffer more from lost productivity and the time-consuming task of containing and cleaning up after a ransomware attack.

The financial sector remains a main target for cybercriminals because financial transactions and the personally identifiable information of customers and companies can be exploited for significant monetary gain.

Earlier this year, Sophos released the survey findings from its annual “state of ransomware” report, in which 550 financial services organizations participated.

Ransomware Statistics for Financial Services

  • 34% of the financial organizations that participated in the survey (185 organizations) reported that they were affected by ransomware attacks
  • More than half (51%) of the financial organizations affected by ransomware (95 organizations) reported that their data was encrypted as a result of the attacks

Of the Sophos survey respondents in the financial sector who admitted to being attacked, only 25% admitted that they paid the ransom. This is below the average for ransomware victims: globally, 32% of victims admitted to paying the ransom.

These findings underscore LookingGlass’s own intelligence and research. Our intelligence analysts monitored several ransomware groups that specifically targeted, hacked, and published data from financial sector organizations.

Top three ransomware groups

Though some of these ransomware groups are no longer active, they were among the top-grossing threat actor groups in 2021.

  1. Avaddon (the group is no longer active)
  2. REvil/Sodinokibi
  3. Egregor (the group is no longer active)

For more information, download our Financial Services Threat Brief. It provides an overview of threats LookingGlass has observed over the past year from our external attack surface management solution and from open-source research and intelligence analysis used to support our customers.

Financial services organizations can use this information to better understand adversary/actor profiles, motivations/objectives, and the types of threats and tactics used by adversaries targeting the sector. Download the report here.
