In the first half of 2020 Kivu observed markedly higher ransom demands from attackers, a shift from opportunistic attacks to targeted attacks, and an increase in organized cyber-criminal syndicates leveraging theft of sensitive information to extort high ransoms from victims regardless of the existence of back-ups.
In the latest in-depth report by Kivu, Trends in Ransomware and Doxing 1H 2020 Review | The Insurance Edit, the DFIR service provider teamed up with leading insurer Hiscox to delve into ransomware and doxing trends, as well as the implications for the commercial insurance industry.
The report furthermore provides a detailed assessment of affected industries and countries, as well as a taxonomy of the most prolific ransomware variants. Kivu conducted research into the main ten variants of 1H20 and the industries they target, as well as common attack patterns.
Ransomware group Maze was found to target organizations with the greatest variety in revenue: from just over $100K to alleged revenues of over $80B. Across 1H20 Maze victims averaged over $1.5B in revenue, the highest among all ten tracked variants. The data suggests the group is willing to attack any organization they deem capable of paying a ransom.
By leveraging a variety of methods for infiltration attackers have honed their skills to remain within networks for longer periods of time, allowing them to conduct more thorough research on their victims.
This translates into higher ransom demands as attackers use public and confidential data to evaluate revenue and profitability.
Kivu data shows a 200% increase in the size of ransom demands and payments in 1H20 compared to 1H19. The average ransom payment Kivu facilitated amounted to $231,373.11 in the first half of this year. Comparatively, the average ransom payment equalled $116,210.39 in the same period last year.
Much of this is driven by a fairly new practice of doxing, where a ransomware victim’s data is stolen and published and/or sold on the dark web. The mere threat of doing so is often enough to increase the likelihood of the attackers receiving the demanded ransom.
“Attackers are finding that the threat of regulatory penalties and other legal complications is a powerful motivator for victims to pay ransoms, leading to a growing trend of data exfiltrating and doxing,” says Global MD Winston Krone. “We believe that we’ll be seeing a lot more of this practice in Q4 and beyond. And the insurance industry needs to be prepared. This could have signification implications for claims payments and policy premiums.”
Managing Director of Strategy Bridget Q. Choi adds, “In order to provide the all-important insurance context we were pleased to be able to work with Hiscox’s cyber industry experts. They added valuable data insight from their claims data and annual Hiscox Cyber Readiness Report 2020 as well as commentary drawn from years of experience in both North America and Europe. The result, we firmly believe, is one of the most comprehensive reports on the state of ransomware crime and its consequences for businesses currently available.”
The full report can be accessed here >