Enterprise security and the resurgence of ransomware

Published: Tuesday, 28 April 2020 08:50

A recent resurgence in ransomware has seen it shoot right back to the top of the cyber crime list. While much of this resurgence can be attributed to the arrival of new ransomware mutations, another factor seems to be playing a major role as well: the growth of cyber insurance. Jan van Vliet explains…

Since the mid-2000s, ransomware attacks have represented an ever-present cyber menace for small and large enterprises alike. Initially a threat aimed primarily at individual users, ransomware was quickly redirected by cyber criminals towards more profitable corporate targets.

Within a couple of years, ransomware worms like WannaCry and NotPetya were crippling organizations around the globe as cyber criminals targeted public institutions such as local governments, hospitals and universities, alongside commercial businesses of every shape and size.

In response, as organizations doubled down on cyber security and user awareness training, attack volumes began to fall. But, as night follows day, a recent resurgence of highly targeted and sophisticated attacks has again propelled ransomware to the top of the cyber threat listing.

And strange as it may seem, the rise of the cyber insurance industry may be helping to fuel this latest phase of ransomware proliferation. In 2019, there were an estimated 184 million ransomware attacks, with some of the most high profile attacks targeting government municipalities in the US – including Lake City in Florida, Baltimore, and Maryland.

How insurance is fuelling the ransomware revival

Cyber criminals are becoming commercially smarter and much more ambitious. Alongside encrypting data, they’re also stealing it and threatening to release it on the Internet – thereby exposing organizations to significant regulatory, financial and reputational loss. Little wonder then that more and more organizations are resorting to cyber insurance in a bid to mitigate and protect against business losses.

But that, as it turns out, is contributing to a proliferation of ransomware. In many cases, organizations find that paying the ransom is a much cheaper option than trying to recover lost data – or dealing with the service interruptions that result during the recovery of backup files. The more ransomware victims use insurers to pay ransoms, the more criminals are encouraged to carry out ransomware attacks.

It’s the law of unintended consequences that’s proving to be both profitable and rewarding for hackers – while motivating a growing number of businesses and government agencies to purchase insurance policies.

An escalating economy

With the global market for cyber insurance set to be £11 billion by 2022, according to RBC Capital Markets, cyber criminals are well aware that when organizations conduct a cost-benefit analysis they often determine that paying a ransom demand and claiming on their insurance policy is preferable to rebuilding systems from scratch – even if they have backups in place, because it can take up to a month or more to recover a full cloud backup.

What’s more, organizations are paying off cyber criminals with the full agreement of their insurers, for whom paying the ransom is cheaper than footing the bill for recovering the data. Let’s take a look at the economics of how this works.

Last year, the municipal government for Lake City in Florida paid a ransom of around £350,000 via its insurance policy; the government itself was only liable for £7,500 policy excess, while its insurance firm, Beazley, paid the balance of the ransom. The decision was made on Beazley’s recommendation, because the prolonged recovery from data backups would have run into millions of dollars.

The pragmatism of the decision taken is difficult to dispute; paying the ransom saved both the government and its insurance firm a significant amount of money, while ensuring the government could get back to work faster.

By contrast, when the city of Atlanta refused to pay a £42,000 ransomware demand, it estimated that the costs associated with responding to the attack and recovering files were in the region of £6.8 million dollars.

Escalating ransomware demands

Emboldened by the knowledge that more organizations are resorting to insurance cover, cyber criminals are upping their game and demanding ever-higher sums. This should serve as a warning signal for enterprises, because recent estimates suggest that the average ransom payment currently stands at around £27,000 – representing a six-fold increase in the last 12 months alone.

While insurance companies will foot the bill in the short term, the cost of cyber insurance is certain to keep escalating. What’s more, it appears that criminals are actively targeting organizations that they know have a cyber insurance policy in place.

Until businesses invest in better security systems of their own, or faster and more reliable data recovery technology becomes available, the current escalation of ransomware attacks looks set to continue for some time to come. For organizations that don’t want to find themselves negotiating with hackers – who may well be using payments to fund terrorism or organized crime – prevention as a first priority must be a better path to follow.

The author

Jan van Vliet is VP EMEA, Digital Guardian.