Ransomware trends: Risks and Resilience
There is little evidence that ransomware attacks show any sign of letting up
Ransomware has become a real menace for businesses across all sectors. And with no easy remedy in sight, the onus is on individual companies to invest in cyber security and make life harder for gangs. Those companies that take steps to prevent attacks and mitigate the impact will be far less likely to fall victim to ransomware.
“The number of ransomware attacks may even increase before the situation gets better. As insurers we have to continue to work with our clients using a combination of policy and service improvements to help businesses understand the need to strengthen their controls,” says Scott Sayce, Global Head of Cyber at AGCS and the Global Head of the Cyber Center of Competence for AGCS and the Allianz Group.
From $40 a month subscription – ransomware as a business
Cyber extortion, and ransomware in particular, has become big business. Attacks have increased as criminals have become more organized, refining their tactics and business models. The development of ‘ransomware as a service’ (RaaS), for example, has made it easier for criminals to carry out attacks. Run like a commercial business, RaaS groups like REvil and Darkside sell or rent their hacking tools to those who carry out the attacks and extort victims. They also provide a range of support services, including helplines and ransomware negotiation services.
RaaS has lowered the barriers to entry and enabled criminals to scale up their efforts and ramp up their attacks. Even those with little technical knowledge can launch ransomware attacks using RaaS. For a subscription costing as little as $40 per month, successful attacks can yield many thousands of dollars from ransomware payments. REvil may have collected close to $100mn in ransom payments in just the first six months of 2021, according to estimates.
More threat actors, more attacks, more claims
The combination of high rewards and low risk for cybercriminals means that ransomware is here to stay, at least for the foreseeable future, according to Marek Stanislawski, Global Cyber Underwriting Lead at AGCS.
“The knowledge threshold to carry out attacks is relatively low and ransomware tools are more easily accessible. Together with cryptocurrencies and the relative ease with which gangs can avoid detection and prosecution, ransomware is an area where criminals can easily thrive.”
Our increasing reliance on digitalization, the surge in remote working following Covid‑19, and IT budget constraints are just some of the reasons why IT vulnerabilities have intensified and there are now countless access points for criminals to exploit. Initial attacks are typically automated, and many cyber gangs were previously limited by the human capacity required to follow up on them. However, that capacity has been increasing as gangs have invested in additional resources, Stanislawski notes.
“Now, there are many more malicious threat actors on the scene, while criminals are using ever more aggressive tactics to extort money,” says Stanislawski. “This has helped drive up the frequency and severity of ransomware attacks and claims in recent years.”
Losses resulting from external incidents, such as Distributed Denial of Service (DDoS) attacks and ransomware campaigns, account for the majority of the value of cyber claims (81%) analyzed by AGCS over the past six years. There has been an increase in ransomware incidents over the past two years in particular, with the number of claims rising by 50% year‑on‑year in 2020 (90). The total of ransomware claims received in the first half of 2021 is already the same as reported during the whole of 2019 (60), although this still represents a relatively small proportion of claims overall.