The financial services industry has long been a prime target for cybercriminals, from the days of large-scale account takeovers and payment card fraud to today's era of ransomware and extortion. While regulatory safeguards, vendor action, and law enforcement takedowns such as Operation Tovar have diminished certain forms of fraud, adversaries continue to adapt their methods.
In this session, Sophos Counter Threat Unit (CTU) researchers will share fresh insights on the ransomware threat landscape, with a focus on financial services. Drawing on intelligence gathered from incident response, MXDR investigations, dark web monitoring, and botnet emulation, CTU will explore how historic banking-focused groups—including GOLD BLACKBURN (Dyre/Trickbot) and GOLD DRAKE (Dridex)—have pivoted to ransomware operations, driving ransom demands and payments in the multi-million-dollar range.
Attendees will learn:
- The latest ransomware attack trends affecting financial organizations, including median ransom demands of $3M—over double the cross-sector average—and key operational weak points that attackers exploit.
- How the financial sector compares to other industries in encryption rates, ransom payments, and recovery strategies.
- The role of business email compromise, malicious mobile apps, and money mule networks in today's fraud ecosystem.
- The evolving risks of geopolitically motivated attacks, including hacktivism and state-sponsored campaigns targeting banks and cryptocurrency infrastructure.
Financial institutions face unique pressures at the intersection of compliance, customer trust, and threat actor innovation. This webinar will equip security leaders and banking professionals with actionable intelligence to strengthen defenses, reduce risk, and prepare for the next generation of ransomware and financial cybercrime.
