Ransomware attacks are among the 3 most recorded crimes. Ransomware is a form of malware that is constantly evolving and is designed to encrypt files on a device, making those files and the systems that depend on them unusable.
The cybercriminal therefore demands a ransom to free the locked system, threatening to publish the data, including personal information and company data, if the ransom is not paid.
The insurer’s annual review of the cyber risk landscape also highlights the emerging threats posed by the growing reliance on cloud services, an evolving third-party liability landscape that means higher compensation and penalties, as well as the impact of a shortage of cyber security professionals (see New Cyber Risk & Ransomware Trends).
Very recently, the main pipeline operator in the U.S. closed its network after an attack involving ransomware that had very high repercussions not only in terms of financial losses but also reputation.
The ransomware threat to global businesses is almost pandemic-like, victimizing someone every 10 seconds and now on the verge of being declared a national emergency by the U.S. government. From an economic standpoint, in 2020, ransomware commanded an 81% share of cyberattacks launched for financial gain and cost the world economy an estimated $20 bn (see Main Types of Cyber Loss Estimates).
Ransomware Strains Have Mutated
Origins of early ransomware can be traced back to 1989, when biologist Joseph Popp handed out infected floppy disks to attendees of the WHO’s AIDS conference. The floppy disks contained a trojan that hid directories and encrypted file names.
By 2005, contemporary forms of ransomware that used asymmetric encryption started to show up; however, most cryptographers figured out the keys because the encryption algorithms were rudimentary.
Because most ransomware authors were asking victims to wire funds to bank accounts, authorities could follow the paper trail and often catch the culprit.
Fast forward to 2013, when the emergence of cryptocurrency changed everything. When the Cryptolocker ransomware emerged around Q3 2013, hackers started demanding victims make payments in bitcoin, a cryptocurrency that’s virtually untraceable (yet verifiable and non-fungible), thus making it difficult for authorities to pin down criminals (see Risk Management With Cyber Insurance).
By 2016, ransomware was everywhere. The SamSam ransomware brute-forced Windows Remote Desktop Protocol accounts and realized million-dollar revenues. Many different ransomware strains — some malware disguised as ransomware — caused hundreds of millions of dollars in damages and hit almost 100 countries.
As ransomware matured, it changed. Earlier forms didn’t care where they landed, encrypting computers almost instantaneously.
Whether the victim was a mom-and-pop store or a Fortune 100 company, it simply asked for the exact same amount of ransom. Advanced strains became smarter and stealthier.
Ryuk, for example, will usually break in via phishing, use command and control servers to dial home to the bad guys and then await further instructions. The attackers will then carry out an extensive reconnaissance of the network and identify potential data targets (see Ransomware Insurance and Cyber Risk Landscape).
Ransomware is not going away anytime soon. As networks become more hyperconnected, ransomware will continue to become even more pervasive and costlier.
While some ransomware groups are targeting people at scale, others are taking their time to dwell in the target’s network, determining the crown jewels and the victim’s ability to pay.
10 tips to avoid being a potential victim of ransomware
1. Never click dubious links
Avoid clicking links in spam messages or unknown websites. If you click on malicious links, an automatic download can be started, which can lead to infection of your computer.
2. Don’t open suspicious e-mail attachments
Ransomware can also get to your device via e-mail attachments. Avoid opening any dubious attachments. To make sure the e-mail is trustworthy, pay close attention to the sender and make sure the address is correct. Never open attachments that require macros to be enabled in order to view them. If the attachment is infected, opening it will run a malicious macro that gives the malware control of your computer.
3. Avoid disclosing personal information
If you receive a call, SMS, or email from an untrusted source requesting personal information, do not respond. Cybercriminals may try to collect personal information in advance, which is used to personalize phishing messages targeted specifically for you. If you have any questions about the legitimacy of the message, please contact the sender directly (see Cybersecurity Automation Adoption: Exploring Use Cases).
4. Never use unknown USB devices
Never connect USB devices or other storage media to your computer if you do not know where they came from. Cybercriminals may have infected the storage medium and placed it in a public place to persuade someone to use it.
5. Keep your programs and operating system up to date
Updating programs and operating systems regularly helps protect you from malware. When performing updates, be sure to use the latest security patches as these make it difficult for cybercriminals to exploit vulnerabilities in your programs.
6. Back up your data to a secure storage regularly
Investing in backup is like buying insurance, so the choice should be well thought out. The process of retrieving data from a backup is known as recovery, and more important than keeping your backups up-to-date is being able to restore them in the event of a disaster or extortion attempt.
Backups used to be a viable solution for ransomware; however, recent mutations prove that criminal hackers have moved on from just encrypting data. Most (70%) ransomware attacks now include data exfiltration.
Once attackers access the victim’s crown jewels (e.g., intellectual property, credentials, customer databases or credit cards), they threaten to sell or publish confidential data if demands are not met. New strains are also known to infect and encrypt online, shadow and offline backups.
7. Use only known download sources
To minimize the risk of ransomware, never download software or files from unknown websites. Rely on verified and trusted websites for downloads. Websites of this type can be recognized by trust seals. Make sure that the browser address bar of the page you’re visiting uses “https” instead of “http.” A shield or padlock symbol on the address bar may also indicate that the page is secure. Also, be careful when downloading to mobile devices. You can trust the Google Play Store or Apple App Store, depending on your device.
8. Change each and every password
Most ransomware strains these days steal credentials from password managers, active directories or browser history. Make sure you change passwords regularly and don’t reuse them.
9. File a cybersecurity insurance claim
Usually, insurance carriers employ a data broker who is experienced at handling ransomware incidents. They can handle negotiations and can also help restore operations. As a cyber insurer, we are willing to go beyond pure risk transfer, helping clients to adapt to a changing risk landscape and raise their protection levels.
The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware insurance and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.
Most companies will not be able to evade a cyber threat. However, it is clear that organizations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.
10. Execute a practiced incident response plan
If your company gets hit and your employees and customers are exposed, you want the legal (compliance) and media team to assume their crisis management roles. Make sure you stay transparent and include all relevant stakeholders.
If your organization is held hostage, focus on fixing the root causes and taking preventative measures. If you train employees to recognize and report suspicious activity, with the right technical safeguards in place, you can reduce the probability of severe business disruption.
To summarize, ransomware is indeed a highly targeted threat. Businesses need to be particularly vigilant about what information they share, where and when.
The more you streamline your networks, update with current patches and keep your firewalls in top condition, the better protected you are from these threats. Prevention is better than cure.