Given that ransomware is a significant concern for any firm that holds sensitive data and there has been a 1400% increase in cyber-attacks reported to the FCA since 2014, it is clear that ransomware should continue to be a concern for the alternative investments industry. Cyber-crime also likely presents a larger problem than it initially appears to, because the FCA does not require firms to report when they have been victims of financial crime.
Ransomware has two main forms of attack: encrypting key systems and then demanding a ransom to decrypt them, and exfiltrating data and then demanding a ransom to avoid its publication. In an office setting, procedures are required to be in place so that data is properly protected. In practice, however, workers store and process information on their personal devices when working remotely, and those devices are less secure. The increase in remote working therefore presents a risk that cyber-criminals can exploit.
Additionally, increased reliance on cloud service providers (CSPs) to store data can pose issues. Whilst building relationships with CSPs can ensure that adequate security procedures are being followed, this is not practical for ‘all but the largest firms’, according to the FCA. Only 9.4% of CSPs currently encrypt their data. Further increases in cybercrime therefore may put a premium on those that do. It is therefore vital to partner with a managed service provider who can support your cloud and security requirements effectively.
For the alternative investments industry in particular, investor data is a concern. Currently, ransomware mainly targets education, healthcare, and government bodies. However, as attacks increase, it is likely that these sectors will adapt and become less vulnerable. Therefore, it is natural that cyber-criminals will turn to other sectors. Firms need to maintain a good relationship with investors, and this includes protecting their data. This gives cyber-criminals leverage that they can exploit.
Another important trend to follow is the use of cryptocurrencies to launder income from cyber-crime. Various exchanges used to convert cryptocurrency into fiat money, such as Binance and KuCoin, have started to require users to verify their identity to prevent use by criminals. However, there are still smaller exchanges that don’t require the identity verification that could implicate criminals. Furthermore, there are still privacy coins, such as Monero, that can be used to send funds – and extract ransoms – untraceably. Whether governments decide to regulate cryptocurrencies is therefore a key determinant in the rate of ransomware use.
Whether the FCA will go beyond guidelines and require companies to report ransomware attacks, as the SEC does in the US, is also worth considering. In the current system, firms have a disincentive to report attacks for fear of discrediting themselves. As a result, other firms and the FCA don’t have the information to respond proportionately to the problem, which introduces risk. If high-profile attacks such as the Colonial Pipeline attack, where $4.4 million was extracted in ransom, become more frequent, the FCA may consider further regulation.
Russian government policy objectives also impact ransomware use. Though the nature of crime means it isn’t possible to get accurate statistics on the locations of various cybercrime rings, it is clear that a large number of the gangs, including REvil and the Darkside gang, who carried out the Colonial Pipeline attack, are based in Russia. In addition, Russia has state-sponsored hackers on its payroll. The Russian government is sending mixed signals. On 14 January, the Russian police arrested REvil members upon payment by the US government. The transactional nature of the arrest implies the Russian government is neutral towards these criminal groups, as they are a national source of income, but is willing to crack down on them if there is a larger incentive. The invasion of Ukraine, ongoing at the time of writing, has soured relations between Russia and the West, implying a loss of opportunity for the sort of cooperation that could curtail cyber-crime.