The REvil ransomware group (also known as Sodinokibi) has devised a new strategy that may morph into a concerning trend. The group intends to cyber stalk organizations with cyber insurance. The thinking is that organizations with insurance may pay up more often than organizations without. Much of the time, hackers just want to get paid. The REvil gang also aims to target insurance companies themselves.
Hackers after insurance companies
Why target insurance groups? The cyber criminals don’t want their bank account information; they want the client lists. Once the client lists are freely available, the hackers can pick off clients one-by-one. Because the clients maintain cyber insurance, the probability of a payday for the hackers remains high. The insurance groups will cover the ransomware expenses.
Years ago, the Maze ransomware gang devised a similar snare. Since then, the Maze group has allegedly ditched the ransomware business. Will REvil leave town after lifting enough money?
The cost of ransomware
In the last year, ransomware threat actors have reeled in the profits. They’ve demanded that organizations pay seven or eight figure dollar amounts to recover data. According to reports, in a scheme that’s slowly gathering momentum, hackers now insist upon one payment for data decryption and a second payment to prevent them from dumping the data on the dark web. In some instances, hackers may publicly publish data despite payment.
The home office, ransomware and insurance implications
Recent transitions to remote work may have accelerated ransomware trends. For hackers, insecure remote access means that it’s easier than ever to gain a foothold in ecosystems.
How can the cyber insurance industry keep pace with these alarming new attack trends? Can reinsurance serve as an adequate backstop (insurance for insurance companies)? Over 75% of reinsurers retain less than $100 million in premium, and some have fewer than $50 million. In summary, demand for cyber reinsurance could potentially outstrip availability.
These ransomware attacks associated with cyber insurance and insurance firms represent a wake up call when it comes to data security. For more on this story, visit the Harvard Business Review.