The ransomware plague is not letting up and is rapidly getting more technically sophisticated. New strains are popping up every month, using innovative methods to spread. Worse, the ransom demands themselves are skyrocketing at the same time.
This week, cyber insurance experts reported incidents with ludicrous 1 million dollar extortion attempts after attackers were able to encrypt some very important data. The fact that the criminals felt able to demand a king’s ransom is telling.
Global data recovery firm Proven Data provides ransomware assistance, data recovery and digital forensic services to companies worldwide. It works with insurers, brokers and individual companies to minimize downtime after cyber incidents and restore business functionality as quickly as possible.
Victor Congionti, CEO of Proven Data, told Insurance Business: “Ransomware is only going to become more sophisticated, we expect hackers to start using machine learning and artificial intelligence to develop ransomware variants that evade anti-virus with ease.”
Linda Hamilton, client operation manager at Proven Data, said: “In the past, hackers used to prefer RDP brute-force attacks where they would enter a system, locate back-ups, encrypt with a variant of ransomware and then leave. The attacks were relatively simple and straightforward.”
They’re generally doing a lot more damage than they used to
Hamilton continued: “That’s not the case anymore. We’re seeing more and more hackers moving laterally within systems. They’re getting smarter, turning off anti-virus systems, and creating domain controller accounts to gain complete access to systems. They’re generally doing a lot more damage than they used to.”
Cyber criminals are also getting smarter in specifically targeting who to extort. Manufacturers, hospitals, government agencies and schools are particularly susceptible to an attack, especially if they hold sensitive personal information that hackers can exploit to demand more money.
Targeting larger organizations demanding higher ransom fees
“Hackers are targeting larger organizations because they’re able to demand a higher ransom fee,” said Mark Congionti, Proven Data’s president of operations. “They’re also tending to target countries where they think they can extort more money, so places like the US, the UK and Canada where there are higher costs of living, higher wages and so on.”
A British enterprise stared at a million pound ransom demand
The source for the tale is Graeme Newman of CFC Underwriting, whose company traces its roots back two decades and is proud to have pioneered cyber-insurance years before the first weapons-grade strain of ransomware, CryptoLocker, had even been invented.
CFC says it has recently started seeing ransom demands for 100K and 200K pounds from clients, part of an uptick in claims connected to targeted extortion as well as that other big scam, CEO fraud, also known as Business Email Compromise (BEC).
“This is the largest ransom demand we have seen to date in the UK and follows a current trend of increasingly targeted extortion demands, with increasingly large amounts demanded,” says Newman.
The role of cyber-insurance, should they pay the ransom?
For small and medium organizations, Newman said, “cyber-insurance is a short cut to help at a time of crisis.” With a cyber-insurance provider involved, “they’ll have a lawyer on hand, a forensics company, a notification provider, a PR consultancy, and an incident-response manager who can manage the whole project end to end. It’s peace of mind of having somewhere to turn to.”
However, if an organization’s backups turn out to fail, paying the ransom is the insurer’s preferred option because it is cheaper than restoring all systems manually, considering the downtime alone.
A potentially unintended consequence, becoming a target
It’s a pessimistic analysis: having a ransomware extortion insurance policy might make an organization more likely to be targeted. Cyber criminals would attack and try to figure out if their mark is covered for extortion, so in a network-wide infection where all machines are locked at the same time, an insurer might pay quickly.
High-risk organizations in that case would be the insurance companies themselves, their brokers, and employees in Legal, Accounting and C-level positions who would know about cyber security insurance policies. Allied Market Research predicts that the sector will grow into a 14 billion dollar global market by 2022.
The most effective way to protect your network against ransomware infections
Here are the three ways most organizations fend off ransomware attacks:
- Weapons-grade backups, ideally hourly snapshots that are easy to roll back.
- Religious patching of both the OS and all third-party apps.
- New-school security awareness training with frequent phishing tests.
Stepping all employees through new-school security awareness training is an absolute must: a “piece of the defense-in-depth puzzle” to protect your network.
Users become your last line of defense and your essential, additional security layer: an effective human firewall.