Resilience sounds alarm on 300% ransomware resurgence

Dive Brief:

A report unveiled Tuesday by cyber insurer Resilience takes aim at the notion that 2022 was a game-changing year in the fight against ransomware.
While data from blockchain analysis firm Chainalysis suggests that ransomware activity slowed last year, an analysis of 2022 ransomware claims by Resilience customers shows more of a mixed picture, according to the report. Resilience said its ransomware claims dropped in the first half of 2022, but the trend began to reverse itself in the latter half of the year. The claims grew 300% from the third quarter of 2022 to the first quarter of this year, it said.
“These ransomware actors are continuing to innovate and adopt new technologies in order to drive up their profits,” Resilience CEO Vishaal Hariprasad said in an interview. “Any company that’s not taking this seriously is going to get hit.”

Dive Insight:

Resilience isn’t the only company in the insurance industry that is raising new alarm bells over ransomware, a form of malicious software used by criminals to prevent companies from accessing their own computer files, systems or networks until a ransom is paid.

Last week, Corvus, another cyber insurer, reported a “sudden global explosion” in the frequency of ransomware attacks during the early months of 2023, with 452 new victims’ data appearing on dark web sites in March. However, despite the rise in observed activity, the rate of claims at Corvus has continued to trend downward this year, the company said.

In addition, insurance broker Marsh disclosed recently that the number of ransomware claims filed by its U.S. clients spiked 77% in the first quarter of the year compared with the prior three-month period.

Ransomware purveyors extorted about $456.8 million from victims in 2022, down from $765.6 million the year before, according to Chainalysis.

Some cybersecurity experts have attributed the 2022 dip in ransomware claims to the beginning of Russia’s invasion of Ukraine, Resilience noted in its report.

“As many traditional ransomware actors hail from both Russian and Eastern European nations, it would be logical that the war disrupted normal cross-border business relationships,” the report said. “What is clear from the second half of 2022 and the beginning of 2023, is that ransomware is back.”

The findings reveal a cyber insurance market that is still “very much under crisis,” according to the report. “Contrary to popular belief, ransomware in 2022 continued to go up as a primary cause of loss,” it said.

Resilience also found that transfer fraud and vendor data breaches are now leading causes of cyber insurance loss following a surge in digital payments and companies’ increased reliance on third-party software-as-a-service vendors to support remote work in the wake of the COVID-19 pandemic.

About 78% of Resilience’s clients impacted by ransomware last year were able to avoid paying a ransom to resolve an incident, according to the report. That’s nearly half the average victim payment rate of 41% measured by ransomware response firm Coveware in 2022, it said.

Resilience favors a “holistic” approach to managing cybersecurity risks that involves using a combination of insurance and technology services, with a focus on building continuous engagement among CFOs, chief information security officers and risk officers.

“Cybersecurity decisions need to be business decisions, and I think the CFO needs to set the priority and example for the company,” Hariprasad said.