Demands are sharply higher, and the complexity and costs of addressing an attack are increasing, according to cyber insurance provider Coalition.
Ransomware can harm an organization in a variety of ways. Business operations can grind to a halt as crucial files are encrypted and inaccessible. Time and resources are taken up trying to respond to the attack. Sensitive data can be publicly exposed, hurting employees and customers and damaging the reputation of the organization. And of course, money often is spent to pay the ransom in hopes that the data will be recovered.
Even worse, ransomware attacks have been getting more sophisticated and expensive. Cybercriminals are asking for higher amounts of money. They’re increasingly threatening to release the data publicly unless the ransom is paid. And since you’re dealing with criminals, there’s no guarantee the data will be decrypted even if the ransom is paid.
A report released Thursday by cyber insurance provider Coalition looks at cyberattacks in general with details on how ransomware campaigns are becoming more severe.
For its “2020 Cyber Insurance Claims Report,” Coalition examined many of the claims filed with it by customers who were hit by a cyberattack and had cyber insurance. The insurer also analyzed data from cyber insurance applications and from the National Association of Insurance Commissioners. Overall, the average severity of claims reported by policyholders jumped by 65% from 2019 to 2020, largely driven by the rising costs of ransomware.
Although the volume of ransomware claims fell by 18% from 2019 through the first half of 2020, the attacks themselves increased in severity, according to Coalition. Ransom demands over the past quarter rose sharply as criminals learned to exploit the coronavirus and the resulting shifts in the business environment. The average ransom demand seen by the insurer soared 100% from 2019 through the first quarter of 2020 and then climbed another 47% from the first to the second quarter.
Further, the complexity and cost of remediating a ransomware attack has been growing. In the past, criminals would simply decrypt and hold data hostage until the ransom was paid. Now, they frequently steal the data before encrypting it and then threaten to release it publicly unless the ransom is paid.
Newer strains of ransomware also are adding to the complexity. Such attack tools as DoppelPaymer and Maze are especially malicious and efficient, allowing criminals to ask for more money. As one example, the average ransom demand for Maze is six times the overall average demand.
Based on the claims seen by Coalition, ransomware attacks typically prove more severe than other types of cyberattacks. They can dramatically disrupt business operations, resulting in lost time trying to recover the data. Even when backups are available, recovering the data can be complicated and costly.
Ransomware can hit any type of organization. In its report, Coalition said that it’s observed claims across just about every type of industry it handles. But some sectors are more susceptible than others.
Companies involved in consumer discretionary spending accounted for 28% of the ransomware claims by industry. Those that offer professional services accounted for 16%, followed by healthcare at 12%, financial services at 9%, and information technology at 8%. Organizations especially vulnerable are ones that manage sensitive data, use internet-exposed remote access tools, and rely on third-party providers.
With ransomware and other types of cyberattacks posing a threat, what can organizations do to better protect themselves? Coalition offers the following five tips:
- Multifactor authentication. Turn on multifactor authentication (MFA) for all business-critical services, including corporate email accounts, VPNs, financial accounts, and any other applications where sensitive information is stored.
- Email security. Implement basic email security measures including SPF, DKIM, DMARC, and an anti-phishing solution. Email is the single most targeted point of entry into an organization for a criminal hacker, and the implementation of these email security measures can be done quickly, and for free.
- Routine backups. Regularly back up your systems and information, and store backups in an “offsite” location. Offsite doesn’t have to mean physically offsite, but in a location that is not connected to your main business network. This will make it far more difficult for a criminal hacker to delete or encrypt your backups.
- Wire transfer verification. Implement a dual-control process when transferring funds. Today, it is no longer safe to assume that email is a secure means of communication. Call the intended recipient of the transfer before you make it to confirm any wire instructions provided, and make sure you have an accurate phone number.
- Password management. Encourage employees to use a password manager (e.g., LastPass, 1Password, or the password managers built into web browsers like Chrome or Safari). Using strong, unique passwords for each of the services you use can help prevent common criminal techniques such as “brute forcing” or “credential stuffing.”