Cybersecurity experts are warning that cyber insurance payouts to ransomware victims will exacerbate the ransomware threat in the log run. After several reports in 2018 predicted the demise of file-encrypting malware, the threat made a staggering comeback this year with targeted attacks on businesses and dozens of local governments, especially in the United States. In quite a few cases, victims opted to pay the attackers six-figure amounts to retrieve their data. While this was sometimes done as a last resort, some victims were urged to pay by insurers who simply considered it the cheapest method of recovering lost data.
According to Fortalice Solutions CEO Theresa Payton, insurance firms “[look] at what the potential incident response and forensic bill might be and that’s going to be bigger in many cases as organisations aren’t prepared, so they’d actually rather pay.” The result of this is that cybercriminals are actively starting to target companies that have cyber insurance because they are more likely to pay up. Bob McArdle of Trend Micro explains that there are “attackers who get on a network and sit there for months, really profiling the target. What they’ve started to do is look at your [recovery] playbook.” If this reveals that your firm has cyber insurance, “they’ll see that you’ll pay and it’s guaranteed they’ll hit that.” In order to make payouts even more likely, attackers are carefully calibrating their ransom demands to make sure that paying up is always going to be cheaper for the victim than recovering from backups of with the help of cybersecurity firms.
Read more: Ransomware: Cyber-insurance payouts are adding to the problem, warn security experts