Ransomware frequency on the downswing

RPS's national cyber practice leader on why the concern is shrinking

Ransomware frequency on the downswing

Cyber

By Ryan Smith

While the cyber threat is constantly evolving, there may be a bit of good news in the space.

Risk Placement Services (RPS), recently named a 5-Star Cyber Insurer by IBA, said it has seen a slowdown in ransomware attacks in recent months. Steve Robinson, national cyber practice leader at RPS, recently chatted with IB TV about the drop in ransomware attacks and what might be behind it.

“Eighteen months ago, we were still in the phase of extremely high-frequency, high-severity ransomware attacks,” Robinson said. “It wasn’t uncommon to receive notice of one a day or more at times. More recently, thankfully, we’ve witnessed a decline in frequency – particularly over the last six months or so.”

Robinson said that ransomware demands are now often coming from less experienced cyber criminals.

“Other things we’re noting are that threat actor groups are often smaller, sometimes less experienced,” he said. “They’re implementing a ‘ransomware as a service’ model oftentimes. It’s not uncommon to see these groups that have less experience just pulling this service from the web and executing it. And that can have difficulties in a claim in terms of getting data back. … We’re also seeing smaller demands contrasted against what we saw largely in ‘20 and ‘21. All of this, I think, is encouraging. How permanent it is remains to be seen, but that’s been the trend more recently.”

Robinson said there are several intersecting reasons for the slowdown in ransomware attacks.

“There’s a lot of different potential answers to that, all kind of coming together at the same time, creating what we’re seeing in terms of the lower frequency [of ransomware],” he said. “Number one, I think there’s certainly been a heightened sense of awareness via news channels, and the federal government focused on these types of attacks.

“The large event that took place last summer at the Colonial Pipeline – from my understanding, the threat actors did not mean for that to get the kind of attention that it did, and I think they were in a little bit over their head. So I think that increased news focus and scrutiny from the federal government is certainly playing into this.

“Also, I don’t want to underestimate the value that I believe the insurance industry has had in increasing the requirements to even qualify for cybersecurity insurance in the first place,” he said. “If you wind the clock back a couple of years ago, insurers were not asking a lot of questions. They were willing to put up a lot of capacity. As a result, we had a lot of insurance limits that were out there and fully exposed that weren’t really well underwritten.

“What we have now … things like end-point protection and response – really secure, segmented backup procedures have been implemented much more widely. I think the insurance community has had a great role in that, and I think small businesses and medium-sized businesses alike have really stepped up their game. All those things are contributing.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!