Ransomware’s revival

By Jan van Vliet, VP EMEA, Digital Guardian
In spite of organisations’ efforts to double down on cyber security efforts, it seems that ransomware is making a comeback. Last year, financial services firms reported 819 cyber incidents to the Financial Conduct Authority (FCA), a significant increase on the 69 incidents reported the year before. Ransomware was named as the second most prolific type of attack and its resurgence is proving to be an ongoing and serious security challenge for financial institutions.

In late December 2019 currency exchange bureau Travelex became the target of a ransomware attack which disrupted services for many UK bank customers including RBS, Sainsbury’s Bank, First Direct, Virgin Money, and Barclays.  Despite paying a $2.3 million ransom in Bitcoin, the company’s long-term survival is still in question.

As ransomware continues to cause havoc, more and more organisations are taking the advice of their cyber insurance provider and paying the ransom.  Why? Because in many cases paying the ransom is much cheaper than trying to recover the lost data through other means.

What’s insurance got to do with?

Cybercriminals are becoming commercially smarter and much more ambitious. Alongside encrypting data, they’re also stealing it and threatening to release it on the Internet – thereby exposing organisations to significant regulatory, financial and reputational loss. Little wonder then that more and more organisations are resorting to cyber insurance in a bid to mitigate and protect against business losses.

But that, as it turns out, is contributing to a proliferation of ransomware. In many cases, organisations find that paying the ransom is a much cheaper option than trying to recover lost data – or dealing with the service interruptions that result during the recovery of backup files. The more ransomware victims use insurers to pay ransoms, the more criminals are encouraged to carry out ransomware attacks.

It’s the law of unintended consequences that’s proving to be both profitable and rewarding for hackers – while motivating a growing number of businesses and government agencies to purchase insurance policies.

Money talks
With the global market for cyber insurance set to be £11 billion by 2022, according to RBC Capital Markets, it appears that cybercriminals aren’t unaware of the fact that when organisations conduct a cost-benefit analysis they often determine that paying a ransom demand and claiming on their insurance policy is preferable to rebuilding systems from scratch. Even if they have backups in place – because it can take up to a month or more to recover a full cloud backup.

What’s more, organisations are paying off cyber criminals with the full agreement of their insurers, for whom paying the ransom is cheaper than footing the bill for recovering the data themselves. Let’s take a look at the economics of how this works.

Last year, the municipal government for Lake City in Florida paid a ransom of around £350,000 via its insurance policy; the government itself was only liable for £7,500 policy excess, while its insurance firm Beazley paid the balance of the ransom. The decision was made on Beazley’s recommendation, because the prolonged recovery from data backups would have run into millions of dollars.

The pragmatism of the decisions taken are difficult to dispute; paying the ransom saved both the government and its insurance firm a significant amount of money, while ensuring the government could get back to work faster.

By contrast, when the city of Atlanta refused to pay a £42,000 ransomware demand it estimated that the costs associated with responding to the attack and recovering files was in the region of £6.8 million dollars.

Payment fuels demand
Emboldened by the knowledge that more organisations are resorting to insurance cover, cybercriminals are upping their game and demanding ever-higher sums. This should serve as a signal warning for enterprises, because recent estimates suggest that the average ransom payment currently stands at around £27,000 – representing a six-fold increase in the last 12 months alone.

While insurance companies will ultimately pay the price in the short term, the cost of cyber insurance is certain to keep escalating. What’s more, it appears that criminals are actively targeting organisations that they know have a cyber insurance policy in place.

Until businesses invest in better security systems of their own, or faster and more reliable data recovery technology becomes available, the current escalation of ransomware attacks looks set to continue for some time to come. For organisations that don’t want to find themselves negotiating with hackers – who may well be using payments to fund terrorism or organised crime – prevention as a first priority must be a better path to follow.