Ransomware and Cyber-Extortion Payments Double in 2020

The total cost of ransom payments doubled year-on-year during the first six months of 2020.

Based on incidents reported to Beazley’s in-house breach response team, BBR Services, ransomware attacks increased in terms of both severity and costs this year compared to 2019 and have become the biggest cyber-threat facing organizations.

Paul Bantick, Beazley’s global head of cyber and technology, said: “Our underwriting, claims and threat intelligence database shows that ransomware attacks are much more sophisticated and severe, thus, it is critical that organizations adopt a layered approach to security and take stringent measures to make it hard for threat actors at every step.”

Jack Kudale, founder and CEO of Cowbell Cyber, said those organizations who fall victim to a ransomware attack are often caught off guard with no backup, and their only option is to pay the ransom. “In other words, ransomware attacks are working for the criminals and they can demand higher payment,” he added.

Mohit Tiwari, co-founder and CEO at Symmetry Systems agreed, explaining that running a ransomware campaign (including tools, negotiations and money transfer) is becoming commoditized, and therefore paying the ransom is becoming an acceptable, and even normal, response for victims. 

Beazley claimed that ransomware is no longer the sole problem, as the rise of cyber-extortion events will involve threat actors who exploit access into networks, install highly persistent malware, target backups, steal data and threaten to expose the compromise. “Ransomware is avoidable but requires regular and thorough training of employees on how to avoid this evolving threat,” it said.

“Organizations should not only try to prevent a ransomware infection, but prepare in case they do get infected, through multiple layers of security, each reducing the risk and probability of ransomware.”

Beazley also claimed that the number of cyber-extortion demands being paid has doubled year-on-year.

Dirk Schrader, global vice-president at New Net Technologies (NNT) told Infosecurity that cyber-crooks are playing the game with all the cards they have in their hand, and the “reputation” card is one of them.

“If the victim is a valuable, known brand, serving thousands of customers, the threat to publish the data increases the chances to get what they ask for,” he said. “A prominent example for this approach is the case of the utilities provider in the German city of Ludwigshafen, where the attackers actually published the full data set as the provider refused to pay.”

Tiwari said the amount being paid may continue to increase since it is easier to scale attacks than to dramatically improve the security posture of a legacy company.

Kudale concluded: “Businesses have to consider the financial impact of a ransomware attack beyond the ransom payment; business interruption, loss of income and now breach damages such as compromised data. The best outcome for businesses is to have a backup and subscribe to a cyber insurance policy that covers recovery expenses and brings expertise in negotiating a ransom payment if at all needed.”

What’s Hot on Infosecurity Magazine?