Cybersecurity

Ransomware Attacks are increasingly sophisticated. Are you ready?

Ransomware attacks have become increasingly sophisticated, particularly with the aid of Artificial Intelligence (AI) tools. In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. The $1.1 billion in ransoms paid by victims in 2023 was particularly shocking, as it nearly doubled the $567 million in ransoms paid out in 2022.[1]

The rise and cost of a cyber ransom

In 2023, ransomware attacks impacted 1 in every 10 organizations worldwide, surging 33% from the previous year.[2]

Small and medium-sized businesses and organizations are no strangers to ransomware; their environments are often much less secure, and more vulnerable, than those of larger organizations.[2,3] Firms that find themselves unprepared in the face of a ransomware attack may decide to pay a ransom to minimize business impact. There is much you can do right now to get ahead, protect your firm and help safeguard personal information and wealth.

Some organizations that are not regulated may prefer to keep ransomware attacks private. Ransomware attacks can lead to loss of reputation, require expensive public relations efforts and strain relations with valued stakeholders. However, the additional toll on business leaders and the organizations’ clients should not be underestimated.

Beyond any ransom paid, cleaning up and remediating a ransomware attack brings costs from downtime and technical remediation, and can even cause reputational damage. As for potential financial losses, the average cost of a ransomware attack – including detection and escalation, notification, post-breach response, and lost business – rose to $5.13 million in 2023, which represents a 13% increase from 2022.[1]

Moreover, ransomware insurance, even if you keep it up-to-date and are in full compliance with its terms, is unlikely to cover all costs.

How to protect yourself against ransomware

Prevention is your best defense. Here are the critical steps in any good plan:

1) Know the enemy

Ransomware is a form of malware that typically works to deny a company’s access to its own critical systems or data files until a ransom is paid. In recent twists on this basic playbook, cybercriminals have threatened to exploit sensitive information unless a ransom is paid. Infiltration comes through a number of avenues; one of the top means is through phishing emails that, seemingly from legitimate vendors or contacts, entice users to click on a link or attachment.

Once inside, ransomware can lie undetected in an organization’s systems for days, even months, collecting information before a successful attack is launched and a ransom is demanded. Personal as well as business information can be compromised.

Criminals typically demand to be paid in cryptocurrency, such as bitcoin, as they seek to stay anonymous.

2) Stay ready

  • Engage a cyber partner upfront that can help you create and develop your preparedness.
  • Consider cyber insurance; however, know that cyber insurance firms will require that certain layers of defense have been implemented.
  • Back up data and networks regularly, and keep the backups inaccessible from your company network.
  • Ensure all systems are on the latest software releases, which include essential security patches and address known vulnerabilities.
  • Establish a business incident response team prior to any incident, including business representatives, Technology, Operations, Communications and Legal, to address business and regulatory issues.
  • Prioritize critical business functions in a disaster recovery plan, should an incident still occur.
  • Maintain data and operations contingency plans so your company can operate if attacked. This may include partnering with outside specialists who can help you navigate a ransomware incident.

3) Rally the troops – they are the first line of defense

  • Emphasize to everyone in your organization the importance of remaining vigilant and reporting anomalies.
  • Institute ongoing cyber educational programs that include a variety of cyber awareness exercises (e.g., phishing simulations, regular training). Inform and remind employees where they can report suspicious activities and emails.

4) Test your readiness

  • Conduct regular cyber assessments and routine monitoring to understand your vulnerabilities or cyber risks.

5) Strike

  • Mobilize the business incident response team and call upon your partners to quickly address the incident and mitigate the need to pay any ransom.
  • Use the disaster recovery plan established to minimize potential downtime and loss.
  • Contact the FBI and local law enforcement, who often have specially trained cyber squads. Rapid reporting can help support the potential recovery of lost funds. 

Compromised? Minimize the damage 

Ransomware is in the headlines daily. If one of the third parties or vendors with which you do business is compromised, don’t wait; take immediate action. Understand the type and class of data that was compromised. Try to ascertain which data has been impacted and whether personally identifiable information is at risk. If so, those individuals should be notified as soon as possible so they can work to protect themselves.

Protect yourself, separate from whatever that company does. Before you are also a victim of a cyberattack, change your password at all the sites at which you have used that same password, and contact every financial institution with which you do business to tell them your information or credentials may have been compromised.

If you live in the United States, we also suggest freezing your credit with all the major credit agencies so that fraudsters cannot open new accounts in your name. Consider placing alerts on existing accounts to watch for unauthorized activity. Compromised credentials can cost you a lot.

We can help 

If you want to learn more about other cyber threats and how you can protect yourself, please reach out to your J.P. Morgan team for our educational tip sheets or to schedule a cyber education session. Visit our Cyber & Fraud Prevention Hub for more information.

 

[1] Fisher Phillips | https://www.fisherphillips.com/en/news-insights/ransomware-costs-businesses-record-high-1-billion-in-2023.html#:~:text=The%20%241.1%20billion%20tally%20of,ransoms%20paid%20out%20in%202022

[2] Checkpoint | https://blog.checkpoint.com/research/check-point-research-2023-the-year-of-mega-ransomware-attacks-with-unprecedented-impact-on-global-organizations/

[3] Verizon DBIR | https://www.verizon.com/business/resources/reports/dbir

Important Information


This document is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided in this document is intended to help clients protect themselves from cyber fraud. It does not provide a comprehensive listing of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization is responsible for determining how to best protect itself against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs. Any reproduction, retransmission, dissemination or other unauthorized use of this document or the information contained herein by any person or entity is strictly prohibited.
