Canadian Underwriter

Why cyber insurers can expect to make more (and bigger) claims payments


May 29, 2019   by Jason Contant



Not only is the frequency of ransomware attacks skyrocketing, attackers are targeting larger organizations and demanding higher ransom payments.

Specialist insurer Beazley released its Beazley Breach Insights report for May last week, finding that ransomware attack notifications against clients increased 105% in the first quarter of 2019 compared to one year earlier.

There was also a 93% increase in the average ransom demanded or paid in Q1 2019 (US$224,871) compared to the 2018 average of US$116,324. Incident response firm Coveware added that the average price of ransoms in Q1 2019 increased by 89% compared to Q4 2018, Beazley said in the breach insights report.

Bill Siegel, CEO of Coveware, attributes the increased number of attacks to two main factors. “First, anytime the average ransom demand goes up, it’s going to pull in more attack groups interested in making money,” he said. “Second, the easy availability of exploit kits (such as banking Trojans) and [ransomware as a service] means there is a lower barrier to entry for would-be hackers.”

While attacks using ransomware as a service remain commonplace (tending to hit unsuspecting small businesses), more sophisticated variants are being deployed through phishing emails and by tricking users into activating banking Trojans, the insurer said.

Originally designed to steal banking credentials from users of online banking websites, recent variants of banking Trojans such as Emotet and Trickbot have been used by criminals to harvest all kinds of account details. Cyber security company Proofpoint said recently that it identified nearly 100 malicious campaigns specifically targeted at or customized for Canadian organizations, much of this due to Emotet.

Newer types of banking Trojans will also perform “reconnaissance” on email accounts and deploy other malware, most commonly ransomware, onto a system with relative ease, Beazley said. Cyber criminals exploit the stolen credentials to steal from financial accounts, defraud through business email compromise, or commit identity theft.

Banking Trojans are particularly troublesome as they are often more difficult to eradicate from an infected IT system than other forms of malware, noted Katherine Keefe, head of Beazley Breach Response Services. “Not only are we receiving more notifications but they are often used by cyber criminals to install secondary viruses onto computer systems,” she said. “This can cause businesses serious operational, financial and reputational damage if not identified and managed early enough.”