A report from ProPublica says that the way insurance companies respond in the aftermath of a data breach is fuelling the rise in ransomware attacks on individuals and organisations, a trend referred to as the extortion economy.
For the unversed, a ransomware attack is one where a hacker or hacking group renders an organisation’s data inaccessible and will only make it accessible again once a ransom has been paid, usually in the form of cryptocurrency. As the report’s author, Renee Dudley, explains: “even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why? The attacks are good for business.”
Dudley’s report cites the high-profile case of Lake City, Florida, which was hit by a cyber attack and had its data held for ransom. After deliberation on whether or not to pay the hacker 42 bitcoin (equivalent to USD $460,000), an insurance underwriter at Lloyd’s of London recommended that the city pay. “If this process works, it would save the city substantially in both time and money,” City Manager Joseph Helfenberger said on receiving that advice.
City spokesman, Michael Lee, later said that “our insurance company made [the decision] for us… at the end of the day, it really boils down to a business decision on the insurance side of things: them looking at how much is it going to cost to fix it ourselves and how much is it going to cost to pay the ransom.”
As we’ve covered recently on the Best Practice blog, ransomware attacks reportedly rose by 118% in the first quarter of 2019 alone. In that report, we quoted Christiaan Beek, who discouraged organisations and individuals alike from paying ransoms to hackers. “Paying ransoms supports cybercriminal businesses and perpetuates attacks,” he said.
According to statistics cited by the author, “cyber insurance sold by domestic and foreign companies has grown into an estimated $7 billion to $8 billion-a-year market in the U.S. alone.”
“While insurers do not release information about such ransom payments, ProPublica has found that they often accommodate attackers’ demands, even when alternatives such as saved backup files may be available.”
Both cyber security analysts and the FBI have said in the past that paying ransoms to cyber criminals does little more than stoke the flames of the extortion economy, because hackers learn that organisations will more than likely pay the ransom demanded of them. However, as Dudley explains, “for insurers, it makes financial sense… It holds down claim costs by avoiding expenses such as covering lost revenue from snarled services and ongoing fees for consultants aiding in data recovery. By rewarding hackers, it encourages ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.”
A number of concerns stem from this trend, chief among them that hackers will be further emboldened to hold individuals and organisations hostage for a ransom, an amount that analysts have noted has been rising steadily in recent years. Attackers will also be encouraged to learn that insurers are quick to suggest an organisation pay the ransom, which increases the chance they will be paid.
Interestingly, a case we covered recently saw the city government of New Bedford, Massachusetts buck the trend: it rejected the hacker’s demands and elected to restore its systems from a backup file. The hacker had gained access to part of the city’s network and demanded a ransom of $5.3 million. The city countered with a possible $400,000 payment, which the hacker ignored. The counter-offer was in part a ploy to buy the city’s IT department more time, allowing it to eventually restore the network from a backup.