The average ransomware payment increased by a whopping 104 percent in the fourth quarter of 2019, spiking to $84,116 from $41,198 in Q3, according to a report from Coveware, a security vendor.
Ransomware, a form of cyber extortion, involves the use of malicious software designed to block access to a computer system, typically by encrypting its files, until a sum of money is paid. The Q4 increase reflects the diversity of the cyber criminals attacking companies.
Operators of some ransomware variants are focusing on large companies, where they can attempt to extort the organizations for seven-figure payouts. Small businesses, on the other hand, are bombarded with ransomware variants whose demands can be as low as $1,500.
The total cost of a ransomware attack depends on its severity and duration and includes the costs of the ransom payment (if one is made), as well as remediation costs, lost revenue, and potential brand damage.
In Q4, ransomware actors also began exfiltrating data from victims before encrypting it and threatening to release it if the ransom was not paid. Because the data has already left the network, this complication adds the potential costs of third-party claims on top of remediation and containment costs, whether or not the victim pays.
Other key takeaways from the report include:
- 98 percent of companies that paid the ransom received a working decryption tool in Q4 2019, unchanged from Q3.
- Victims who paid for a decryptor successfully decrypted 97 percent of their data, a slight increase from Q3.
- Average downtime increased to 16.2 days, from 12.1 days in Q3 of 2019. The increase was driven by a higher prevalence of attacks against larger enterprises, which often spend weeks restoring their systems.
- Cyber criminals demand Bitcoin almost exclusively now in all forms of cyber extortion because it’s easier to swap extortion proceeds into a privacy coin after they collect, than to require a victim to purchase a less liquid type of digital currency.
- Less sophisticated and less well-financed attackers target small companies with small IT budgets.
- Public sector organizations continued to account for a high percentage of ransomware attacks in Q4. The attacks are expected to continue until these organizations are able to increase their security budgets.
Another global ransomware attack, dubbed Petya (and later identified as a distinct variant, NotPetya, whose encryption could not be reversed even when the ransom was paid), has disrupted operations at major firms across Europe and the United States.
More than 100 companies and organizations across various industries were affected, including shipping and transport firm AP Moller-Maersk, advertising firm WPP, law firm DLA Piper, Russian steel and oil firms Evraz and Rosneft, French construction materials company Saint-Gobain, food company Mondelez, drug giant Merck & Co, and Pennsylvania healthcare systems provider Heritage Valley Health System.
Today’s Insurance Information Institute Daily, via The Wall Street Journal, reports that the attack has exposed previously unknown weaknesses in computer systems widely used in the West.
The U.S. cyber insurance market grew by 35 percent from 2015 to 2016, based on recent reports.
From A.M. Best: U.S. property/casualty insurers wrote $1.35 billion in direct written premium for cyber insurance in 2016.
Overall, cyber insurance for the majority of companies was profitable and the direct loss ratio decreased by 4.5 percentage points to 46.9 percent in 2016, from 51.4 percent in 2015.
Ransomware attacks are part of the reason for the decline in the loss ratio, A.M. Best explains:
“The decline in direct loss ratio for 2016 is partially attributed to the majority of reported cyber-attacks being related to ransomware heists. In almost all ransomware cases, the losses were well below the deductible and a simple backup recovery resolved and remedied any negative long-term effect of the attacks.”
Read our earlier post on insurance for ransomware attacks.
As organizations look to recover from the disruption caused by Friday’s massive global ransomware cyberattack, the case for cyber insurance, and for other cybersecurity tools, has become much stronger.
Security researchers at Kaspersky Lab recorded more than 45,000 attacks in 74 countries including the UK, Russia, Ukraine, India, China and Italy, the Guardian reports.
The UK’s National Health Service, French car manufacturer Renault, and Spain’s telecommunications giant Telefonica were among those hit by the so-called WannaCry ransomware, which encrypts files on infected machines until the victims pay a ransom and spreads itself across networks by exploiting a Windows SMB vulnerability for which Microsoft had issued a patch (MS17-010) two months earlier.
Cyber risk modeling firm Cyence estimates the average individual ransom cost from the attacks at $300, and the total economic costs from interruption to business at $4 billion, according to this Reuters report.
Kevin Kalinich, global head of Aon’s cyber risk practice, told Reuters:
“If you’re a hospital that turned away patients, if you’re a global delivery company that can’t send a package, or a telecom company in Spain, Russia or China, the financial statement impact from the business interruption is much larger than the $300 ransomware.”
Insurance coverage for ransomware (see earlier post), and other forms of extortion, is available under cyber insurance policies, or other types of policies that specifically cover cyber extortion.
An insured’s ransom payment following an attack is typically covered, subject to individual policy terms and conditions, according to this I.I.I. white paper.
Cyber policies also provide coverage for the costs of forensic investigation, restoring lost or corrupted data, legal expenses and business interruption.
Here are some of the considerations that go into the decision to purchase coverage.
Hotel guests locked out of their rooms at a four-star hotel in the Austrian Alps? Washington DC’s CCTV system disrupted days before Donald Trump’s inauguration? Libraries in St Louis brought to a standstill? Eight years of digital evidence lost by a Texas police department?
Ransomware is not just grabbing headlines, it’s now the favorite method of cyberattack used against businesses, particularly in North America and Europe, according to this Malwarebytes report.
In the fourth quarter of 2016 alone, Malwarebytes catalogued nearly 400 variants of ransomware, and 81 percent of ransomware detected in corporate environments occurred in North America.
Lloyd’s insurer Beazley saw ransomware attacks quadruple in 2016 and projects them to double again in 2017.
“Evolving ransomware variants enable hackers to methodically investigate a company’s system, selectively lock the most critical files, and demand higher ransoms to get the most valuable files unencrypted.”
In its white paper Cyberrisk: Threat and Opportunity, the Insurance Information Institute reports that insurers are issuing an increasing number of cyber insurance policies, and that coverage for cyber extortion, including payment of a ransom following a ransomware attack, is available.
According to the FBI, ransomware attacks are on the rise, and increasingly target organizations rather than individuals because the payoffs are higher.