
Published on July 5th, 2021

In crosshairs of ransomware crooks, cybersecurity insurers struggle



In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralysing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiations. The cyber insurance industry, too, is a prime target for crooks seeking its customers’ identities and scope of coverage.

Before ransomware evolved into a full-scale global epidemic plaguing businesses, hospitals, schools and local governments, cyber insurance was a profitable niche industry. It was accused of fueling the criminal feeding frenzy by routinely recommending that victims pay up, but kept many from going bankrupt.

Now, the sector isn’t just in the criminals’ crosshairs. It’s teetering on the edge of profitability, upended by a more than 400 per cent rise last year in ransomware cases and skyrocketing extortion demands. As a percentage of premia collected, cyber insurance payouts now top 70 per cent, the break-even point.

Fabian Wosar, chief technical officer of Emsisoft, a cybersecurity firm specialising in ransomware, said the prevailing attitude among insurers is no longer “Pay the criminals. It's likely to be cheaper for all involved.” “The ransomware groups got way too greedy too quickly. So the cost-benefit equation the insurers initially used to figure out whether or not they should pay a ransom — it's just not there anymore,” he said.

It’s not clear how the single biggest ransomware attack on record, which began on Friday, will impact insurers. But it can't be good.

Pressure is building on the industry to stop reimbursing for ransoms.

In May, the major cyber insurer AXA decided to do so with all new policies in France. But it is so far apparently alone in the industry, and governments are not moving to outlaw reimbursement.





AXA is among major insurers that have suffered ransomware attacks, with operations in Thailand hard-hit. Chicago-based CNA Financial, the seventh-ranked US cybersecurity underwriter last year, saw its network crippled in March. Less than a week earlier, cybersecurity firm Recorded Future published an interview with a member of the Russian-speaking ransomware gang, REvil, that is skilled in pre-attack intelligence-gathering and happens to be behind the current attack. He suggested it actively targets insurers for data on their clients.

CNA would not confirm a Bloomberg report that it paid a $40 million ransom, which would be the highest reported ransom on record. Nor would it say what or how much data was stolen. It said only that systems where most policyholder data was stored “were not impacted.”

Hackers want $70-mn ransom to restore data

The hackers suspected to be behind a mass ransomware attack that affected hundreds of companies worldwide late on Sunday demanded $70 million to restore the data, according to a posting on a dark web site. The demand was posted on a site typically used by the REvil cybercrime gang, a Russia-linked group that is counted among the cybercriminal world's most prolific extortionists. The gang has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers’ behalf, but Allan Liska of cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership. The group has not responded to an attempt by Reuters to reach it for comment.
