Ransomware surge as attack costs escalate

The threat of ransomware attack is now the biggest cyber risk facing organisations following a rapid rise in 2020.

Insurer Beazley has issued its latest Breach Insights report which found that ransomware attacks increased in terms of both severity and costs this year compared to 201.

The report added the total cost of ransom payments doubled year-on-year through the first six months of 2020, based on incidents reported to Beazley’s in-house breach response team, BBR Services.

The nature of ransomware attacks has also markedly changed in 2020, it said. “Today’s ransomware incidents are more likely to include a threat to release stolen data versus encryption alone. Threat actors increasingly have prior access to a network before deploying their attack, during which time they are working to escalate their privileges, move laterally through the network, and perform reconnaissance on the network and data stored on it. Frequently, they now also exfiltrate data and upload it to an external site, both to prove that they have access and to threaten exposure.”

Paul Bantick, Beazley’s Global Head of Cyber & Technology, said: “In an incredibly challenging year in which ransomware has become the biggest cyber threat to impact individuals and organisations alike, the severity of ransomware attacks has continued to escalate. Our underwriting, claims and threat intelligence database shows that ransomware attacks are much more sophisticated and severe, thus, it is critical that organisations adopt a layered approach to security and take stringent measures to make it hard for threat actors at every step.”

Despite the growing complexity of the attacks, there are opportunities to disrupt criminals’ activities during the cyber extortion process, however, this requires regular and thorough training of employees on how to avoid this evolving threat. Organisations should not only try to prevent a ransomware infection, but prepare in case they do get infected, through multiple layers of security, each reducing the risk and probability of ransomware.

“Threat actors increasingly have prior access to a network before deploying their attack, during which time they are working to escalate their privileges, move laterally through the network, and perform reconnaissance on the network and data stored on it,” warned the report. “Frequently, they are now also exfiltrating data and uploading it to an external site, both to prove that they have access and to threaten exposure.”

According to data from ransomware incident response firm Coveware, almost 50% of ransomware cases in Q3 2020 included the threat to release exfiltrated data along with encrypted data, up from 22% in Q2.

Beazley said the key was to ensure staff understood the threat and how to recognise the threat and what action to take should an infection occur.

“Cyber extortion is a process and there are many opportunities along the way to disrupt the criminals’ activities.” It explained. “Ransomware is avoidable but requires regular and thorough training of employees on how to avoid this evolving threat.

“Organisations should not only try to prevent a ransomware infection, but prepare in case they do get infected, through multiple layers of security, each reducing the risk and probability of ransomware. Training employees to recognise phishing emails; establishing secure, offline backups; encrypting data at rest; monitoring for network intrusions; keeping up with patching systems and applications—all of these make it harder for an attacker to exploit access even if they do get into a network.”

SHARE: