DECRYPTING RANSOMWARE - SCOR's vision on what is and how to fight ransomware attack risk

30 July 2020 — Daniela GHETU
Over the past 3 years, ransomware has jumped into the spotlight in the cyber threat landscape. Annual ransomware demands have multiplied by ten, states the latest technical newsletter released by French reinsurer SCOR, analyzing in depth the ransomware attacks' mechanisms, as well as prevention and insurance solutions.

Covid-19 makes cyber resilience even more relevant, SCOR analysts have found, emphasizing that "the global COVID-19 pandemic has highlighted the need for organizations to dynamically review their cyber exposure because the rapid evolutions of their business environment may strongly impact their cyber posture." The work disorganization that occurred in many organizations during the crisis has offered threat actors an advantage and led to an intensification of malicious activity. The healthcare sector is a good example in this respect. "Our growing dependency on IT infrastructures and the agility needed to deploy new IT solutions make Ransomware risk management even more topical. In most cases, IT departments have successfully implemented IT solutions to adapt to the 'new normal' situation, while maintaining an adequate cyber security level. This unprecedented situation marks the start of a new era for IT approaches and related cyber security best practices, supported by updated guidelines from cyber security agencies," the technical newsletter reads.

According to the SCOR analysis, the three sectors most impacted by ransomware are professional services, the public sector and healthcare. In financial terms, while in 2019 the annual cost of ransomware attacks reached USD 11.5 billion, in 2021 the value is predicted to increase to about USD 20 billion. In 2019, as a response to the attacks, in 15% of cases the insurer paid the ransom for the targeted entities, while in 7% of cases the attacked entity didn't pay the ransom and lost the data; 13% of the attacked entities paid the ransom in some cases, while 19% always paid the ransom. In most cases (46%) the attacked entity didn't pay the ransom and decrypted the data or replaced it with backups. However, experience shows that this last option is also the costliest one.


While at the beginning, about 15 years ago, most attackers targeted personal computers and asked for small ransom sums of less than USD 100, in recent years the focus has moved to larger organizations across several business sectors (big companies, SMEs, police departments, nonprofit organizations, universities, hospitals, etc.), as their activity depends on data and they also have greater financial capacity, which makes the attacks more lucrative. Experts have recently observed an increase in the average ransom payments made by large companies.

Of course, cyber insurance is only one part of cyber risk management, an ally in the fight against ransomware. Cyber insurance policies may cover cyber extortion, data liability (notification and credit monitoring costs), specialized support in IT forensics, crisis management and legal advice, data restoration costs or Business Interruption and extra expense.

The full technical newsletter is available online here.