Reported Ransomware Attacks for 2019 Already Outpacing Total Number of Incidents in 2018
Manufacturing And Professional Services Companies Among The Highest-Risk Industries
Ransomware is not new, but it continues to evolve over time. The recent growth of ransomware attacks across industries underscores the need for organizations to utilize best practices in order to combat the associated risks. The impact of an inoperable business system can result in both severe and long-term operational disruption.
Attackers are becoming more brazen with some ransom demands growing to the six-and seven-figure range. It is critical that organizations understand the increased sophistication of ransomware, what procedures and systems need to be in place to mitigate the risk, and what solutions are necessary for an adequate and appropriate response should they experience an attack.
Cyber insurer Chubb Cyber recently released a report on ransomware trends. Chubb Cyber combines underwriting and third-party incident response services to insure cyber risk. The Cyber business is part of Chubb, the world’s largest publicly traded property and casualty insurance company.
Of the total number of ransomware incidents reported to the cyber insurer through the first nine months of 2019, two industries combined for 53% of all reports. Manufacturing companies (23% of reports) are more likely to be targeted because of their need to quickly restore operations, and professional service firms (30% of reported incidents), which rely heavily on email, are often affected because of vulnerabilities associated with phishing attacks. However, ransomware can affect any company, regardless of size or industry.
The Chubb report provides market insight based on third-party research and proprietary claims data from more than two decades of insuring organizations against evolving cyber threats. Additional highlights from the Q3 2019 report found that:
- Malware claims, which include ransomware, have risen to 18% of all cyber claims in 2019 from an average of 12% over the past five years
- Ransomware accounts for 40% of manufacturer’s cyber claims in 2019 thus far
- Twenty-three percent of cyber claims for smaller businesses (revenue less than $25M) in 2019 were associated with ransomware
Bad actors are becoming more sophisticated with targeted ransomware attacks. The most common types of ransomware reported are Bitpaymer and Ryuk, which use a banking Trojan, such as Trickbot or Emotet, to infiltrate their victim's system. An emerging ransomware strain called Sodinokibi specifically targets its victims and demands larger than average ransoms.
“As bad actors are continuously changing their attack techniques and increasing the complexity of the ransomware, it's imperative to implement multiple layers of preventative measures to mitigate potential incidents and ensure a reaction plan is in place if an attack occurs,” said Anthony Dolce, Vice President, Cyber Lead, Chubb North America Financial Lines Claims. “By regularly backing up data files and securing those backups offline, properly educating employees, investing in state-of the-art security and antivirus software, and purchasing a comprehensive cyber insurance policy, businesses can be better prepared and protected no matter the threat.”