Ransomware attacks increased in both severity and cost this year compared to 2019, and are now the biggest cyber threat facing organisations, states specialist insurer Beazley.
According to the latest Beazley Breach Insights report, the total cost of ransom payments doubled year over year over the first six months of 2020, based on incidents reported to the insurer’s in-house breach response team, BBR Services.
The nature of ransomware attacks is also evolving. Today’s ransomware attacks are more likely to include a threat to release stolen data rather than encryption alone, Beazley said. Cyber criminals increasingly have prior access to a network before launching an attack. During the time they have access, they work to escalate their privileges, move laterally through the network, and perform reconnaissance on the network and the data stored on it. They also frequently exfiltrate data and upload it to an external site, both to prove they have access to the data and to threaten exposure.
Despite the growing complexity of cyberattacks, there are still opportunities to disrupt the extortion process. However, this requires “regular and thorough training of employees” on how to avoid cyber threats, Beazley said.
Companies should not only try to prevent a ransomware attack, but prepare in case they do get targeted through multiple layers of security.
“In an incredibly challenging year in which ransomware has become the biggest cyber threat to impact individuals and organisations alike, the severity of ransomware attacks has continued to escalate. Our underwriting, claims and threat intelligence database show that ransomware attacks are much more sophisticated and severe. Thus, it is critical that organisations adopt a layered approach to security and take stringent measures to make it hard for threat actors at every step.”