Explosion of ransomware: what is the role played by the insurers?
Explosion of ransomware – Ransomware attacks continue to rise at an alarming rate. With the pandemic of Covid-19 and the development of home-office, the number of ransomware attacks exploded in 2020.
According to an annual report on global cyber security, 2020 saw 304 million ransomware attacks worldwide, a 62% increase from 2019. In more than half of all cases, businesses paid the ransom to recover their data.
The Covid-19 crisis has created a set of new weapons for the cybercriminal. More than ever, IT systems, data and files are under threat. Driven by money, power and influence, hackers adapt their methods to our new ways of working and living. They use increasingly sophisticated processes to identify security vulnerabilities of their future victims.
Cybercriminals continually renew ransomware intrusion methods, intensifying their efforts to extort money from their targets. Alongside the growing number of attacks, some ransomware gangs demand outrageous amounts. Ransomware today represents the biggest security threat for businesses and organizations. What is the role played by insurers in the resurgence of ransomware? Should we make paying ransom demands illegal? What are the best practices to adopt to anticipate and be better prepared?
The lack of clarity
Some insurers offer cyber insurance coverage to their customers. These policies allow companies to be partially or totally reimbursed in the event of a ransomware attack. There are several reasons why insurers offer this protection. Firstly, the cost of the ransom is often lower for insurers than paying for data and Information System recovery under the insurance policy. This guarantee was, initially at least, very profitable for insurers. But with the increase in the number of attacks, payouts are rising too.
The current situation is of concern for two reasons. Firstly, the cybercriminal is aware that insurance firms will pay out to cover the ransom demand and is encouraged to increase the number of attacks and ransom demand amount. Secondly, public authorities are keen to see insurers stop paying out ransom refunds. The result is that companies are less well protected financially but still prey to a growing number of attacks.
Another point warrants closer scrutiny. As a result of the increase in ransomware attacks, insurers have started to collaborate with ransomware negotiation specialists. Their mission: assist helpless companies hit by ransomware. Trained in kidnapping and hostage situations, they negotiate with the cybercriminals with a view to reducing the ransom amount and resolving the crisis. This approach is controversial for two reasons: the negotiator's fee is tied to the reduction obtained on the ransom payment, and the victim or their insurer ends up in direct contact with the hackers.
Towards an illegality of paying ransom demands
Currently, businesses can legally pay ransom demands, and insurers are free to decide whether or not to offer cyber ransom protection. But as ransomware attacks increase, a valid question remains: should we change the regulations and make paying ransom demands illegal for both companies and insurers?
The consequences of such a decision could be devastating. Firstly, making the ransom payment illegal would not necessarily lead to a decline in the number of attacks. Hackers use sophisticated and continuously evolving methods. They have proven time and time again their ability to innovate and adapt to changing environments.
Banning payments could arguably be disastrous for business. Some organizations may have no other option than paying the amount requested to restore their data and systems. This is particularly true when critical data is involved (healthcare institutions, for example). Organizations that don't pay the ransom can spend months rebuilding their systems, so the cost of recovery can end up higher than the ransom itself. In 2018, the city of Atlanta (Georgia) refused to pay a ransom of approximately fifty thousand dollars after being hit by a massive cyberattack. Yet the city spent more than 2.6 million dollars to recover their data and IT systems!
Cryptocurrencies are based on blockchain technology, which records every transaction and allows monetary movements to be reconstructed. Contrary to widespread belief, it is almost impossible to use cryptocurrencies without leaving an indelible trace. Today, sophisticated blockchain analysis software can trace bitcoin transactions to reveal real-world identities. In other words, it is not hard to find out which company has been hit by a ransomware attack and the size of the ransom payout, with the obvious negative publicity that follows.
What are the best practices to be better prepared in the event of a ransomware attack?
To avoid such a situation occurring, insurers have a key role to play which includes discussing with their clients to find the best compromise when a ransomware demand arrives. In the same vein as road safety awareness campaigns to reduce road accidents, it is in the interest of insurers to organize campaigns to prevent ransomware. The fewer ransomware attacks, the less insurers would have to compensate their customers.
Businesses also need to be active in their data attack prevention and data protection strategies.
They must do everything possible to secure their Information System and be better prepared to counter such attacks, particularly because, in the event of a ransomware attack, their cyber protection insurance will not be sufficient to fully cover the loss.
With more than 25 years of expertise in data protection and data management, Atempo highlights some best practices for your business:
- Build awareness among employees: they need to learn how to identify untrustworthy websites, malicious emails, suspicious links, etc. You can also test their behavior in realistic situations with audits and tests.
- Keep your operating system updated to avoid security breaches.
- Install good antivirus software and keep it regularly updated.
- Make regular backups and keep your data on disks, tapes, in the cloud and off-site for disaster recovery.
- Choose a powerful and efficient solution to help you restore your data and IT infrastructure in case of a ransomware attack.
Explosion of ransomware – Insurers and businesses have a fundamental role to play in preventing cybercrime, and they should not hesitate to take all steps to fight ransomware. Due to their dependence on 24/7 IT systems, companies are strongly advised to allocate 10% of their overall annual IT budget to cybersecurity, by equipping themselves with powerful solutions that provide genuine protection for their Information System, files, and data.