Beazley is one of the largest cyber risk insurance providers in the country and publishes periodic reports on the claims that it sees. Here is a summary of what it saw.
Ransomware evolved during 2020, reaching new levels of complexity. Rather than getting an employee to click on something, attackers hack the network, install malware that is highly persistent, try to destroy your backups, steal your data and threaten to expose you.
Other than that, 2020 was just like 2019.
Beazley says that the cost of ransomware payments in 1H2020 was double what they paid in 1H2019. That is in line with their estimate that extortion demands in 2020 will wind up being double what they were in 2019.
The attacks are getting more sophisticated (the SolarWinds attackers were in there for a year, for example). Beazley says that, more often, hackers have access to the network prior to the ransomware attack. They figure out how to escalate the privileges that they have, then move throughout the network doing reconnaissance to figure out what data is there and where it is stored.
More importantly, often they steal (exfiltrate) the data, both to prove that they have access and to threaten the victim.
According to incident response firm Coveware, almost 50% of ransomware cases in Q3 2020 included the threat to release exfiltrated data, up from 22% in Q2. That is an amazing increase in just one quarter.
In one recent case, Beazley responded to a ransomware attack where the initial demand was a half million dollars. Using Beazley’s services, they were able to lower the ransom to $50k and, because their backups were hosed, they decided to pay.
Beazley points out that, if the hackers stole your data including PII or PHI, you may be legally required to notify the affected people. After all, you have no guarantee that the hackers will actually destroy the data if you pay the ransom and, in many cases, you may be dealing with several actors, some of which may have no role in your little agreement to pay money and destroy data.
While the article doesn’t say this, you also need to consider that the Treasury Department is putting pressure on organizations not to pay these ransoms by threatening to throw them in jail if they do. As a result, preventing attacks is likely the better long-term strategy.
They wrap up the post with 7 great suggestions. If you are not already doing these, start now. Here is the abbreviated version:
- Conduct a risk assessment
- Set up strong controls on email content and delivery
- Manage access effectively
- Backups, backups and more backups (and make sure they are OFFline. Harder to hack that way)
- Educate users
- Patch systems and applications
- Secure remote access
Beazley has more tips for its clients and if you don’t have cyber risk insurance, you need to reconsider that decision.
For more information, check out this link. Credit: Beazley