Cyber Insurance Companies Call Losses Due To Ransomware Now Dropping, What Causes It?
JAKARTA - Cyber insurance provider, Coalition Inc., said that the average loss claims of its clients when they were hit by a ransomware attack reached 184,000 US dollars in the first half of this year worldwide. This number is down 45% compared to the second half of 2020.
Losses from a ransomware attack can include ransom paid, recovery costs, breach response costs, lost revenue, and more. "Our data only takes into account incidents where the organization filed a claim and the losses were above the organization's deductions," the report said.
The drop in losses "reflects the Coalition's efforts to negotiate ransoms on behalf of our policyholders and help them recover from data backups," the company said.
The insurance company says it makes no recommendations to its clients when it comes to paying the ransom, but if the victim chooses to pay, it will step in and handle the negotiations. In one instance, the report says, insurance companies were able to reduce ransom payments from $200,000 to $75,000.
Legal intelligence firm JD Supra notes that most stand-alone cyber insurance policies cover extortion coverage, cover costs for investigating ransomware attacks, negotiating with hackers, and making ransom payments.
Overall, about 80% of organizations have some type of cyber insurance policy, according to research firm Statista.
Ransom demands increase
The Coalition took data losses from ransomware attacks that occurred among the company's 50,000 customers over the past 18 months. The average ransom demand made to policyholders rose to $1.2 million in the first half of 2021 vs. $444,000 during the first half of 2020, the Coalition said.
But a recent report from incident response company Coveware found that the average ransom paid by a victim fell 38% in the second quarter of this year, compared to the first quarter, reaching $136,576.
Small Companies Also Targeted
Massive ransomware attacks against large organizations, including Colonial Pipeline Co. and software company Kaseya, have made headlines in recent months. But the Coalition notes that attacks on small and medium-sized businesses are increasing.
"Historically, small and medium-sized businesses seem to be off the radar of cybercriminals, but that is starting to change," the report said. "We've seen a material increase in claims targeting small and medium-sized businesses, with claim frequency increasing by 57% for organizations with 250 employees or less."
However, when selecting targets, attackers appear to be more focused on the defense of the organization than its size, according to the report.
Gangs Make Biggest Demands
During the 18-month study of the Coalition, the gangs with the highest average ransom demands were Netwalker, Conti, REvil/Sodinokibi, MountLocker and Maze.
The insurance company's analysis of its customers' experiences with ransomware shows that attacks involving the Netwalker gang, which were disrupted in January, brought the largest average ransom demand: 8.4 million US dollars.
In comparison, Conti's gang, which is still active, is suing US$4.3 million, while the REvil gang, aka Sodinokibi, which has just been shut down; MountLocker; and the dead Maze gang each demanded a ransom of an average of 2 million US dollars
The Coalition report says many cybercriminals appear to be switching from ransomware to other forms of attack, such as file transfer fraud and business email compromise. That's because other cybercrimes can be committed by less sophisticated groups, insurance companies say.
According to the Coalition report, for the first half of this year, ransomware incidents accounted for 22% of attacks targeting Coalition clients, compared to 41% in the same period last year.
File transfer fraud attacks accounted for 25% of incidents in the first half of 2021, while BEC attacks accounted for 23%. Average losses due to file transfer fraud rose from US$117,000 in the first half of 2020 to US$326,000 during the first half of this year, the insurer said. It did not provide a BEC loss estimate.
"FTF is most often carried out via phishing and email compromise followed by social engineering. Once criminals have access to a mailbox, they can manipulate contacts linked to that mailbox to change payment instructions or make fraudulent payments," the report said.
Despite the shift in criminal activity, the Coalition says ransomware attacks will continue to cause heavy losses in the months to come. That's because ransomware offers much greater profit potential, the necessary tools are available for purchase on the darknet, and many companies fail to take the necessary steps to block or recover from ransomware attacks.