What’s driving rising ransomware attacks

Ransom note to convey increase of cybercrime using ransomware

Ransomware attacks are increasing globally thanks to evolving cybercrime tactics that make it easier for thieves to transfer data from computers or other devices.

“Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics,” said Scott Sayce, global head of cyber at Allianz Commercial. “Based on claims activity during the first half of 2023, we expect to see around a 25% increase in the number of claims annually by year-end.”

The in-vogue technique, data exfiltration (also called data extrusion or data exportation), can sharply raise costs for a cyber claim or loss because such data hijackings can take a long time to resolve. And, the IT, forensic and legal talent to manage such incidents is expensive.

“If data has been stolen, companies must know exactly what data has been exfiltrated and will likely have to notify customers, who could seek to claim compensation or threaten litigation,” Allianz noted in a recent report.

“Several factors are combining to make data exfiltration more attractive for threat actors. The scope and amount of personal information being collected is increasing, while privacy and data breach regulations are tightening globally,” said Michael Daum, global head of cyber claims at Allianz Commercial. “At the same time, the trends towards outsourcing and remote access leads to more interfaces for threat actors to exploit.”

Based on volume and frequency, ransomware and extortion-based attacks remain the largest source of cyber insurance claims, the company said.

What’s more a 2023 Cyber Claims Study from NetDiligence found ransomware continues to be one of the top cyber threats to Canadian businesses, even though wire transfer fraud incidents are more expensive on average.

See also  How To Teach Your Puppy To Sit

 

Attacks becoming sophisticated

While Allianz told CU its report didn’t focus on specific countries because “ransomware attacks do not respect geographical boundaries,” the company said data from the Canadian Centre for Cyber Security (CCCS) shows “ransomware attacks are on the rise and are becoming more sophisticated.”

Fraud and scams, particularly phishing-based threats, “are almost certainly the most common form of cybercrime that Canadians will experience over the next two years, as cybercriminals attempt to steal personal, financial, and corporate information via the Internet,” CCCS noted in a recent report

Such attacks predominantly go after personally identifiable information, credit card data or compromised credentials that are sold in the dark corners of the web.

“In some cases, information stolen during frauds and scams is leveraged to conduct other cybercrime, such as ransomware,” CCCS’s report said. For example, it said phishing emails – designed to make recipients give up personal details or other information because they believe they’ve been contacted by a colleague or friend – are a common access point for ransomware attacks.

“Today, ransomware attacks often use the double extortion tactic. Before encrypting, ransomware actors will exfiltrate files and threaten to leak sensitive information publicly if the ransom is not paid,” the report said. “Some cybercriminals have moved beyond double-extortion tactics to conduct triple or quadruple extortion to maximize the chance their victims will provide payment.”

While double- and triple-extortion attacks aren’t new, Allianz noted they have become more prevalent, have larger impacts and are more costly for affected companies. It added a growing number of incidents caused by poor cyber security around mobile devices.

See also  Fifty shades of broker independence

What’s more, claims analysis by Allianz Commercial found cyber breaches that are not detected and contained early can be 1,000 times more expensive than those that are. “Companies should direct additional cyber security spend on detection and response,” Allianz’s report noted. “Only one third of companies discover a breach through their own security teams.”

 

Feature image by iStock.com/RapidEye