The Spate of Ransomware Attacks Puts Focus on Cyber Insurance Need

The recent surge in ransomware attacks has many private and public companies along with government entities reviewing their need for cyber insurance. Ransomware is where cybercriminals use malicious software to hold an organization’s computer system hostage and demand payment (typically in the form of bitcoin/cryptocurrency) to give back control.

Most recently, we saw ransomware attacks that crippled America’s critical infrastructure and disrupted major food supplies. A ransomware attack in May against Colonial Pipeline forced the company to shut off gasoline supply to much of the Eastern Seaboard, resulting in shortages throughout the South. Colonial Pipeline paid a ransom amount of $4.3 million to hackers with the Department of Justice reclaiming more than $2 million. During the same month, an attack shut down the databases of a hospital system in San Diego for two weeks. In June, multi-national meat manufacturer JBS S.A. was attacked forcing the closure of a quarter of American beef operations for two days. JBS paid $11 million to stop its attack.

Behind the Rise in Ransomware Attacks

Ransomware strikes have surged over the past year due to a number of factors including the rise of hard-to-trace cryptocurrency, a work-from-home boom amid the pandemic that has resulted in new IT vulnerabilities, and ongoing tensions between the U.S. and Russia. It’s believed that many ransomware attacks emanate from Russia and Eastern Europe. The names of the online criminal groups responsible for attacks include (not surprisingly): REvil, Evil Corp, and DarkSide.

Despite these incidents, the FBI still urges against paying ransom to hackers. According to a survey conducted by the security firm Kaspersky, more than half of ransomware victims in 2021 paid up to regain access to their own information while only a quarter of these firms actually regained full access.

“Paying a ransom doesn’t guarantee you or your organization will get any data back,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Some also feel that hackers are attacking companies with Cyber insurance. According to a recent article in the Washington Post, former FBI agent James Turgal, who is now a vice president at a cybersecurity firm, said that new hacking groups are getting into ransomware attacks to go after what they see as an ‘endless pot of money’ facilitated by insurance companies. “I’ve worked cases where they’re actually providing a snapshot of your Cyber insurance cover page from your own system showing you, ‘Hey, you have Cyber insurance, so there’s no reason not to pay.’ ”

This is an interesting twist as more organizations are looking to purchase Cyber insurance amid the ransomware surge. A GAO study, according to the Post, shows that companies are increasingly opting to buy Cyber insurance.

On the flip side, however, others strongly disagree with the view that having Cyber insurance is an incentive for criminals to target specific companies. Rather, Cyber insurance is part of a larger risk management strategy that raises awareness and educates insureds on the types of cyber threats that exist and how to recognize them along with the cybersecurity measures that should be implemented. Most Cyber policies make some type of extortion insurance available to cover the costs to investigate a ransomware attack, negotiate with the hackers, and make a ransom payment. They also often provide a team of experts that includes a staffed crisis response hotline, legal counsel, and computer forensic analysts to assess the incident and recommend a timely course of action.

There’s no doubt ransomware is here to stay. It’s important for companies, in addition to having Cyber insurance, to take a proactive stance to shield themselves from potential infection by deploying cybersecurity solutions that focus on prevention.