Ransomware attacks on a prominent insurer’s client base rose by more than 100% last year, driven by new attacks on healthcare, professional services and financial institutions, according to new figures released Monday.
Beazley Breach Response services, a unit of the London-based insurance firm, said Monday that its clients reported 775 ransomware attacks in 2019, a 131% increase over the previous year. The spike stemmed from a combination of factors, including the increased accessibility of pernicious strains of malicious software, higher demands and the simple inability of enterprises to fend off phishing emails or protect remote desktop protocol technology.
The numbers are the latest addition to a pervasive ransomware problem that has been difficult to quantify. Victims often do not report attacks to law enforcement, while extortion demands range from thousands to millions of dollars. Meanwhile, insurers like Beazley are asked to cover ransomware claims, and typically keep their risk modeling and coverage decisions on such matters private.
Attacks increased by 20% on a year-over-year basis over the course of 2018, and 9% in 2017, the report noted. Last year, by contrast, saw the wider adoption of ransomware strains like Ryuk and Sodinokibi. Hackers often combine those ransomware tools with other hacking techniques, like the TrickBot banking trojan, to break into a target’s networks, then install the ransomware.
“With the rise in the number of attacks, the sums being demanded by cybercriminals have also expanded exponentially, with seven- or eight-figure demands not being unusual,” Beazley stated in its report.
Clients in the healthcare sector were hit with 35% of attacks in 2019, more than any other sector, the insurance firm noted. Financial institutions were victimized in 16% of the attacks, while 12% hit education and 9% occurred in professional services. Some 62% of the victims were small and medium-sized businesses.
The report did not detail how many of the affected firms paid.
Some 17% of the ransomware attacks reported to Beazley in 2019 originated from attacks on third parties, like IT vendors or managed service providers.
These figures come as the insurance industry continues to assess whether to pay the extortion fees that hackers impose on their clients. While different insurers address ransomware attacks in different ways, the goal for a provider is to help a client resume normal operations as quickly as possible.
Firms like Connecticut-based Coveware often work on behalf of insurers, collecting data on hackers, which “can often determine the extent to which the attacker is willing to negotiate the amount of the payment beyond the deadline and can assist the attacked company with those negotiations,” the Beazley report noted.