There was one overwhelming message to come out of a recent NetDiligence Cyber Risk Summit, which is that the risk of ransomware in North America is well and truly on the rise. Cyber claim leads from international organizations like Chubb and Beazley have all noticed the same worrying trend - the frequency and severity of ransomware attacks has hiked up in recent years.
Ransomware is a very industry agnostic cyber risk. Every business with a digital footprint, regardless of size or sector, has some exposure to ransomware. Of course, some entities are slightly more vulnerable than others. The manufacturing industry in North America, for example, has been targeted quite aggressively of late. This might be because they’re perhaps more likely to pay a ransom in order to keep their businesses, their supply chains and their production lines up and running. Elsewhere, ransomware remains rife in sectors like healthcare and professional services, where businesses usually hold quite the treasure trove of useful or valuable data that a bad actor could try to leverage.
“One of the first trends right off the bat when it comes to ransomware is that we’re seeing a lot more claims, and the strains of ransomware are becoming more and more virulent, making them harder to remedy,” said Tony Dolce, cyber claims lead for North America, Chubb. “The other significant trend we’re seeing is that ransom demands are going up. A couple of years ago, a demand in the neighbourhood of $15,000-$20,000 converted into cryptocurrency was the norm. Then it climbed up into the $30,000 range, and over the course of the last year and a half, we’ve started seeing demands frequently in excess of $100,000. That’s a very disturbing trend.”
Not every business has $100,000 sat in a bank ready to cover a cyber ransom. That’s why bad actors have started to target their ransomware attacks on middle market companies, according to Kimberly Horn, global claims team leader, cyber & tech claims at Beazley. These high-demand, targeted attacks often include specific strains of ransomware, such as Ryuk and Bitpaymer, both of which enable hackers to carry out ‘big game hunting,’ explained Dolce.
Bad actors are infiltrating their victims’ systems through a couple of different methods. Many are using classic banking trojans or trick bots to steal people’s key log-in strokes and infiltrate systems. They’re often floating around the system for some time, before they steal system privileges and deliver some potent ransomware.
Horn explained: “In these cases, the ransomware is more of a parting gift. They’ve already been in the system for some time, using sophisticated banking trojans to do a reconnaissance of the company in order to figure out what the company’s worth, what data they might be able to steal and profit from, and whether they have any system back-ups.”
Cyber criminals don’t necessarily need to be sophisticated to be successful. Many hackers are simply taking advantage of ‘ransomware as a service,’ which they can buy cheaply on the black market with the hope that they can somehow monetize it. Daniel Tobok, CEO of the Toronto-based cybersecurity boutique, Cytelligence, told Insurance Business: “Ransomware accounts for about 75% of all the compromises out there. It’s easy, it’s cheap, it’s dirty, and it’s extremely effective. You can literally buy a turnkey solution from between $10,000 to $50,000 with a minimum return of 10 to 50 times that.”
These unsophisticated, slightly blasé cyber criminals actually pose “a very dangerous prospect” to North American businesses, according to Dolce. He explained: “They may not have the knowledge or the wherewithal to actually be able to decrypt should a ransom be paid. The more opportunistic hackers trying to get in on this trend, the more likely that will become an issue.”