Ransomware attack: what is it?
A ransomware attack is a type of malware attack in which the attacker uses encryption to lock the user’s files, directories, or whole device and holds them hostage until a ransom is paid. This essay seeks to provide a thorough explanation of ransomware attacks, including what they are, how they work, and how to prevent and defend against them.
Dr. Joseph Popp, an evolutionary biologist, used the AIDS Trojan Horse to launch the first ransomware attack in 1989. He offered to give the decryption key for as little as $189. These days, the average ransomware settlement is millions of dollars.
Cybersecurity is an industry that is always evolving, more so than any other. However, in the last few years, the field of cybersecurity has seen an unparalleled number of significant transformations, particularly in the fight against ransomware. By 2031, victims of ransomware are expected to lose around $265 billion (USD) a year.
Ransomware Attack Trends and Analysis 2023:
In a single year, there were 1,900 ransomware attacks in just four countries: the USA, Germany, France, and the UK. According to the most recent statistics on ransomware, phishing is the main way that ransomware is distributed. According to a recent analysis, ransomware attacks affected 75% of the 1,400 businesses examined, underscoring the malware’s ongoing prevalence in the commercial sector. 48 separate ransomware groups are attacking the USA alone.
The number of ransomware attacks is steadily increasing. 87% of organizations already have their own risk management programs to derive their security roadmap. Yet only 35% believe their program is working well. 77% of the ransom was paid by insurance companies, but they are catching on. 21% of organizations found out that ransomware is specifically excluded from their security insurance. 74% saw their premiums increase, 43% saw increased deductibles, and 10% saw their coverage benefits reduced. 41% of organizations have a “Do-Not-Pay” policy on ransomware attacks. Yet 80% of the organizations attacked paid the ransom.
Unsurprisingly, the United States remains the nation most frequently targeted by ransomware, with the business services industry being the most targeted sector.
Top ransomware attacking groups with their number of victims:
- Lockbit3: 252 victims
- Clop: 177 victims
- Alphv: 119 victims
- 8Base: 91 victims
- Play: 74 victims
- Bianlian: 65 victims
- Noescape: 59 victims
- Akira: 56 victims
- Cactus: 53 victims
The top countries targeted by ransomware in 2023 are:
- USA
- UK
- Canada
- China
- Germany
- France
- Australia
- Italy
- Spain
- Brazil
The top sectors targeted by ransomware attacks in 2023 are:
- Business services: 525 attacks
- Manufacturing: 232 attacks
- Retail: 148 attacks
- Finance: 131 attacks
- Insurance: 131 attacks
- Real Estate: 131 attacks
- Critical infrastructure: 70 attacks
Major Ransomware Attacks and Incidents in 2023
- US Marshals Service: After an attack in February 2023, the US Marshals Service is still recuperating months later. The attack hit a computer system belonging to the Technical Operations Group (TOG), which offers surveillance capabilities to pursue fugitives; the system held sensitive law enforcement data. The Marshals Service still needs to bring a new, more secure version of the affected system online, even though the “most critical tools” were recovered in less than 30 days. Personally identifiable information (PII) relating to subjects of USMS investigations and third parties, administrative data, results from legal proceedings, and PII of workers were among the stolen material.
- Minneapolis Public Schools: Medusa grabbed headlines after claiming to have attacked Minneapolis Public Schools, exfiltrating a vast amount of data, and demanding $1 million to prevent the material from being exposed on the dark web. What created the uproar, and the darker reason for the headlines, was not the attack itself but the data the group eventually revealed. Among the 300,000 files that the ransomware gang released in March following the attack were private documents, including whole folios for cases of sexual assault. SSNs, contact details for district staff, medical records, and accusations of discrimination were among the other information that was released.
- Royal Mail system attack: It all started in November of last year, when the Emotet malware was discovered on Royal Mail systems. Then, early in January 2023, an affiliate using LockBit Ransomware-as-a-Service (RaaS) launched a ransomware attack on Royal Mail. As a result of this attack, the printers at the distribution centre close to Belfast, Northern Ireland, started printing the ransomware group’s demands.
- Attack on China’s biggest bank, ICBC: In November, China’s largest bank, ICBC, was the target of a ransomware attack, which caused havoc on Wall Street and in Beijing. The attack caused failed trades in the US Treasury market to surge by over $60 billion, a problem for which the Federal Reserve must find a solution. The attack forced the bank’s New York subsidiary to close, leaving ICBC’s Financial Services Unit unable to clear U.S. Treasury trades and forcing it to isolate its impacted systems. Because it was momentarily unable to access its corporate email accounts, the business had to use a messenger in Manhattan to deliver vital settlement details for its trades to impacted parties on a USB stick. LockBit claimed responsibility for the attack and confirmed that the bank had paid the ransom to help get its systems back up and running.
- MOVEit exploit and ransomware attack: Undoubtedly, Clop’s utilisation of the zero-day vulnerability present in MOVEit has emerged as one of the most significant cybersecurity news stories of the year thus far. It is thought that the vulnerability has been exploited since May 27th, and in the weeks that followed, there were several waves of data breaches caused by it. It is currently estimated that there are 600 organisations on the victim list, and totals indicate that the attack has impacted close to 40 million people thus far.
Impact of ransomware attacks on insurance policies:
Ransomware has had a major effect on the cyber insurance market in recent years. Insurance firms have seen a spike in ransomware-related claims as the frequency and intensity of these incidents have increased. As a result, these attacks have resulted in revisions to policy terms, higher premiums, and a more comprehensive inspection of potential policyholders.
A significant obstacle facing the cyber insurance sector is the unpredictable nature of ransomware attacks. Ransomware attacks, in contrast to other cyberthreats like DDoS attacks or data breaches, are frequently made to be undetectable and might go unnoticed for days, weeks, or even months. Organizations may suffer large financial losses as a result, and insurance companies may also have to pay for related mitigation costs and ransom payments.
An analysis of nearly 6,000 cyber insurance claims revealed that ransomware was the leading source of loss, with an average ransom of $247,000 and an incident cost of $352,000. Regarding ransomware, the average insurance claim expense is approximately $485,000.
Fears that they may be supporting cybercrime are among the biggest problems facing insurance companies. Insurance companies may establish a market that protects businesses without helping cyber extortionists by learning about the industry and collaborating with regulators and the legal system.
In addition, insurers are requiring policyholders to undertake frequent security audits and implement particular cybersecurity procedures in order to be eligible for coverage. This could involve requirements for incident response plans, network segmentation, personnel training, and multi-factor authentication. Certain organisations may find these requirements difficult and costly, particularly those with few IT resources or those in highly regulated sectors.
Having a ransomware prevention solution that can identify and respond to an active ransomware attack may help lower cyber insurance premiums, because it shows that the company has taken proactive measures to lower the risk of a successful ransomware attack and limit the potential impact of an attack. In the end, though, this comes down to the insurance company and the details of the policy that is being provided.