It almost goes without saying at this point: Ransomware attacks are on the rise.
Ransomware attacks grew by nearly 50 percent in the 2020 second quarter along compared to the first three months of the year, due in part to cyber vulnerabilities arising from pandemic-related work-from-home requirements, according to a recent report from Coalition, an InsurTech focused on cyber insurance and cybersecurity. Even the industry itself is vulnerable, with insurance broker Arthur J. Gallagher & Co. disclosing it was the victim of a ransomware incident at the end of September.
The insurance industry can use technology to mitigate the risk, said Corvus Insurance founder CEO Phil Edmundson.
Corvus is an InsurTech startup and MGA focused on providing “smart commercial insurance products” through artificial-intelligence-driven risk data. Launched in 2017, the company now has 100 employees (up from 40 earlier in the year), and $47 million in total venture financing.
This company recently announced one of its related products – Corvus Scan version 2.0 – helped generate “a dramatic reduction” in ransomware claims among new policies and its existing policy base.
Carrier Management Editor Mark Hollmer asked Phil Edmundson, the Corvus founder and CEO, why ransomware is becoming increasingly common, and how the industry can and should respond. Highlights of his answer are below.
Q: Ransomware seems to be in the news quite a bit lately. Is it becoming the go-to form of cyber attacks?
Edmundson: Ransomware attacks had been steadily increasing since 2016, but 2019 saw a sharp increase that has continued throughout 2020. Business email compromise (including fraudulent funds transfers caused by Social Engineering) remains the number one cyber attack across our claims, but ransomware is not far behind.
Q: If ransomware is becoming more common, why? What about it is so appealing in the minds of perpetrators?
Edmundson: As with most criminal activities, it’s about the money. An increase in “big game hunting” among cyber criminals, meaning targeting large entities with deep pockets, has driven up the high end of ransomware demands to seven and sometimes eight figures. This in turn has driven up the demands made of smaller companies, and bad actors are running towards ransomware for that reason: large returns.
Adding to the appeal of growing rewards is the relative ease of extracting them. Ransomware is sophisticated software; earlier perpetrators needed strong expertise to develop and successfully execute it. Now, with the proliferation of ransomware-as-a-service, would-be criminals have access to a thriving black market of tools, built by the real pros, to launch attacks in return for a cut of the ransom payment. This has lowered the barrier to entry for the ransomware enterprise.
Another tactic of note: Cyber criminals are more frequently “exfiltrating” data, stealing it in the process of attacking a victim organization. This forces even companies with adequate data backups, usually a bulwark against ransom demands, to consider paying up to avoid the attacker publishing any confidential stolen data. This tactic gives criminals a higher chance of a return.
Q: How does ransomware rank in terms of other forms of cyber attacks?
Edmundson: Along with cyber crime/social engineering it is one of the top two sources of cyber attacks that cause cyber insurance payouts. ”
Q: Why is there a ransomware scan for your initial commercial insurance products? What does this accomplish?
We built the Corvus Scan to detect many types of vulnerabilities, including those that are known to lead to ransomware attacks. First and foremost, this enables us to share key information with brokers and policyholders, which they can use to take steps to reduce their risk . We also use the cumulative data gathered by the scan over time to get a better understanding of risk and thereby improve our underwriting model. Our latest update of the scan, version 2.0, includes new detection and alerting of unprotected Remote Desktop Protocol (RDP). Unprotected RDP is the leading attack vector used by ransomware threat actors. The Corvus Scan 2.0 has been successful in helping our policyholders to identify and protect their use of RDP, as indicated by the reduction in claims we recently announced. [Remote Desktop Protocol is technology that lets IT administrators or other users take control of another computer or server, something enabling remote IT support and server management for years. The suspicion is that COVID-19-related work-from-home policies are making worse the unprotected use of RDB as companies that have never used it are rushing to implement it now.]
Q: Do you expect ransomware attacks to keep worsening in number? What should businesses expect?
Cyber criminals are entrepreneurial, and for now this business model is working well for them. Unless and until that changes, we expect ransomware attacks to continue to worsen in severity and frequency. As a result, premiums for cyber insurance are increasing. Businesses should expect to put more effort into their defenses against ransomware including more robust back-up methods, properly securing RDP, and taking a layered defense approach to email security to address the other main ransomware attack vector, phishing and various forms of Social Engineering.