A recent study highlighted by the Netherlands government has revealed that ransomware operators are increasing their ransom demands significantly if they detect that a victim has cyber-insurance. Dutch cop Tom Meurs conducted this study as part of his PhD thesis, where he analyzed 453 ransomware attacks between 2019 and 2021.
Meurs found that one of the initial actions taken by intruders during a ransomware attack is to search for documents containing keywords such as “insurance” and “policy.” If the hackers uncover evidence that the target has a relevant insurance policy, the ransom amount more than doubles on average. In cases of double-extortion attacks, where cybercriminals threaten to release stolen data unless the ransom is paid, victims with insurance are quoted 5.5 times more than those without insurance.
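The keyword hunt Meurs describes is something a defender can watch for. The following is an added example, not code from the study or from any vendor: it runs simple detection logic over constructed file-access audit events, raising a high-severity alert when a planted decoy document (a "honeyfile" that no legitimate process opens) is read, and a medium-severity alert when one account reads several insurance-related documents in a short window. The event format, share paths, decoy names, keyword list and thresholds are all assumptions for the illustration.

```python
"""Detect an intruder searching a file share for insurance/policy documents.

Added example (not from Meurs' study). Input is a list of file-access audit
events in an assumed format: {"ts": ISO-8601, "user": str, "path": UNC path,
"action": "read"|"write"}. In production these would come from file-server
object-access auditing or an EDR feed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy documents planted on the share (assumed paths). Nothing legitimate
# should open them, so any read is an alert on its own.
HONEYFILES = {
    r"\\fs01\finance\Cyber_Insurance_Policy_2024.pdf",
    r"\\fs01\legal\Insurance_Coverage_Limits.xlsx",
}

# Keywords the study reports intruders searching for, plus two near variants.
KEYWORDS = ("insurance", "policy", "coverage", "premium")

ENUM_THRESHOLD = 5                    # distinct keyword-matching files ...
ENUM_WINDOW = timedelta(minutes=10)   # ... read by one account within this window


def matches_keyword(path):
    """True if the file name (not the whole path) contains a watched keyword."""
    name = path.rsplit("\\", 1)[-1].lower()
    return any(k in name for k in KEYWORDS)


def detect(events):
    """Return a list of (severity, user, detail) alerts for the given events."""
    alerts = []
    per_user = defaultdict(list)  # user -> [(timestamp, path)] for keyword hits
    for ev in events:
        if ev["action"] != "read":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        path = ev["path"]
        if path in HONEYFILES:
            alerts.append(("high", ev["user"], f"honeyfile opened: {path}"))
        if matches_keyword(path):
            per_user[ev["user"]].append((ts, path))

    # Sliding window per account: many distinct keyword files read quickly
    # looks like a search-and-collect pass rather than normal work.
    for user, hits in per_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            window = {p for t, p in hits[i:] if t - start <= ENUM_WINDOW}
            if len(window) >= ENUM_THRESHOLD:
                alerts.append(("medium", user,
                               f"{len(window)} insurance/policy documents read within {ENUM_WINDOW}"))
                break
    return alerts


# Constructed sample: one benign user, one service account, and one account
# that sweeps the share for insurance paperwork and trips the honeyfile.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T02:10:00", "user": "CORP\\j.doe", "path": r"\\fs01\hr\Leave_Policy.docx", "action": "read"},
    {"ts": "2024-03-01T02:11:00", "user": "CORP\\svc_backup", "path": r"\\fs01\finance\Q4_report.xlsx", "action": "read"},
    {"ts": "2024-03-01T02:12:00", "user": "CORP\\admin2", "path": r"\\fs01\finance\Insurance_Renewal.pdf", "action": "read"},
    {"ts": "2024-03-01T02:12:20", "user": "CORP\\admin2", "path": r"\\fs01\finance\Cyber_Insurance_Policy_2024.pdf", "action": "read"},
    {"ts": "2024-03-01T02:12:45", "user": "CORP\\admin2", "path": r"\\fs01\legal\Policy_Schedule.docx", "action": "read"},
    {"ts": "2024-03-01T02:13:05", "user": "CORP\\admin2", "path": r"\\fs01\legal\Coverage_Summary.pdf", "action": "read"},
    {"ts": "2024-03-01T02:13:30", "user": "CORP\\admin2", "path": r"\\fs01\finance\Premium_Invoice_2023.pdf", "action": "read"},
    {"ts": "2024-03-01T02:14:00", "user": "CORP\\admin2", "path": r"\\fs01\finance\Budget.xlsx", "action": "write"},
]

if __name__ == "__main__":
    for severity, user, detail in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {user}: {detail}")
```

The decoy files need to be excluded from backup jobs, indexers and antivirus scans, or those will generate the alerts instead of the intruder; the keyword threshold should be tuned against a week of real audit data before it pages anyone.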
The rationale behind inflating the demand for insured victims is that cyber-insurance is perceived as a guarantee that the insurer will cover the ransom payment, so criminals treat insured victims as a reliable source of funding and price accordingly. However, every payment funds further attacks and confirms that the business model works, which is why authorities in the US and UK are pushing against the practice of paying ransoms.
Meurs’ research indicated that insured victims paid the ransom to hackers 44 percent of the time, compared to 24 percent for uninsured victims. Additionally, insured victims paid significantly higher amounts, averaging €708,105 ($800,000, £600,000), in contrast to €133,016 ($150,000, £110,000) for uninsured victims.
The study also identified the most common points of infection. Phishing emails containing malicious links were the most prevalent, accounting for a third of successful attacks. Other vectors included spam, malicious mobile apps, and unpatched vulnerabilities in applications or operating systems.
The retail and wholesale sectors were the most frequently targeted industries, comprising nearly 33 percent of reported infections and averaging payouts of €112,793 ($130,000, £100,000). The IT sector, although less frequently targeted, yielded the highest average payout of €268,039 ($300,000, £230,000), making it an attractive target for cybercriminals.
Meurs emphasized that having a robust backup system is a crucial defense against ransomware attacks. Companies with effective backup systems were significantly less likely to pay ransoms, as they could recover data without succumbing to extortion. However, some organizations still opt to pay the ransom, despite having viable recovery options, to expedite the process or mitigate reputational damage.
While the study pointed out the importance of backups, Meurs noted that many organizations fail to implement them securely. He recommended offsite backups: a backup that is reachable with the same credentials as the production systems is typically encrypted or deleted alongside the live data, so only a copy the intruder cannot reach gives a victim the option of refusing to pay. He also highlighted the need for stronger cybersecurity measures generally to keep pace with evolving ransomware tactics.
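A backup only supports the decision not to pay if a restore from it can be trusted. The following is an added example, not code from the study: it records a SHA-256 manifest of a backup set when the backup is taken and later checks a restored copy against that manifest, so a copy that was silently encrypted, truncated or salted with a ransom note is caught before anyone relies on it. The directory layout, file names and the tampering it simulates are constructed for the demonstration.

```python
"""Verify that a restored backup matches the manifest taken at backup time.

Added example, not from Meurs' study. The manifest must be kept somewhere the
intruder cannot rewrite (offline, or signed and stored with the offsite copy);
otherwise an attacker who can alter the backup can alter the manifest to match.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest.

    Returns {"missing": [...], "modified": [...], "unexpected": [...]};
    all three lists empty means the restore is byte-for-byte what was backed up.
    """
    current = build_manifest(restored_root)
    return {
        "missing": sorted(p for p in manifest if p not in current),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed scenario: back up three files, then simulate what a
    ransomware actor does to a reachable backup (overwrite one file with
    ciphertext, delete another, drop a ransom note) and verify the restore."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as restored:
        files = {
            "finance/ledger.csv": b"2024-01,1000\n",
            "hr/staff.txt": b"alice\nbob\n",
            "readme.txt": b"ok\n",
        }
        for rel, data in files.items():
            for root in (src, restored):
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        manifest = build_manifest(src)  # taken at backup time, stored offline

        # Tampering with the copy that would be restored
        with open(os.path.join(restored, "finance", "ledger.csv"), "wb") as f:
            f.write(b"\x00encrypted\x00")
        os.remove(os.path.join(restored, "hr", "staff.txt"))
        with open(os.path.join(restored, "HOW_TO_DECRYPT.txt"), "wb") as f:
            f.write(b"pay us\n")

        return verify_restore(manifest, restored)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run this as a scheduled restore test rather than only at backup time: the point is to discover a corrupted or reachable backup before an incident, when there is still time to fix it, not during one.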
Overall, the research underscored the growing threat of double-extortion ransomware and the value of preparation over payment. As ransomware tactics continue to evolve, organizations must prioritize resilience, in particular backups that cannot be reached from the compromised network, so that an extortion demand can be refused rather than negotiated.