New Report Combines Kivu and Hiscox Data on Ransomware Trends

In the first half of 2020 Kivu observed markedly higher ransom demands from attackers, a shift from opportunistic attacks to targeted attacks, and an increase in organized cyber-criminal syndicates leveraging theft of sensitive information to extort high ransoms from victims regardless of the existence of back-ups.

Our latest in-depth report, Trends in Ransomware and Doxing 1H 2020 Review | The Insurance Edit, delves into ransomware and doxing trends, providing a detailed assessment of affected industries and countries, as well as a taxonomy of the most prolific ransomware variants. Insurance insight is provided by cyber industry experts at Hiscox.

The research shows that by leveraging a variety of methods for infiltration attackers have honed their skills to remain within networks for longer periods of time, allowing them to conduct more thorough research on their victims.

Kivu data also shows a 200% increase in the size of ransom demands and payments in 1H20 compared to 1H19. The average ransom payment Kivu facilitated amounted to $231,373.11 in the first half of this year. Comparatively, the average ransom payment equalled $116,210.39 in the same period last year.

Attackers are finding that the threat of regulatory penalties and other legal complications is a powerful motivator for victims to pay ransoms, leading to a growing trend of data exfiltrating and doxing.

Each ransomware variant – and the group which operates it – has its unique traits and characteristics. This means there is no one size fits all approach to countering and mitigating ransomware attacks. There is, however, value in understanding the individual variants and groups as this background knowledge can assist incident responders in their negotiation as well as forensic response. The report covers the main ten variants of 1H20 and the industries they target, as well as common attack patterns.

Variant Example | Maze ransomware
When analyzing victim profiles of Maze, Kivu found that the group targeted organizations with the greatest variety in revenue: the lowest revenue amounted to just over $100K and their most lucrative victim allegedly had revenues of $80B. Looking at all 1H20 attacks, Maze victims averaged over $1.5B in revenue, the highest among all ten tracked variants.

In order to provide insurance context we worked with leading cyber insurance carrier Hiscox. Their team added data insight from their annual Hiscox Cyber Readiness Report 2020 as well as expert commentary drawn from years of providing cyber liability insurance to businesses in North America and Europe.

The result is a comprehensive report on the state of ransomware crime and its consequences for businesses worldwide.