Rise of the Advanced
Blocking Crypto Ransomware Payments
The Ransomware Disclosure Act of 2021
The Future of Ran$omware Insurance
The primary philosophy behind insurance is that risk held collectively is smaller than risk held individually—otherwise put, that bad things will happen to some, but not to all. By paying a small amount of money into a system, every participant gains access to a pool of money larger than what they put in, that they can tap into if necessary.
But the system only works if the pool has more money in it than the sum of its claims. And when the claims begin to exceed the pool, insurance becomes either prohibitively expensive, or altogether unavailable.
When cyber insurance was originally introduced to insurance portfolios, it was seen as a low-risk means of diversification. However, over the past several years, loss ratios in cyber policies have drastically outpaced those in the broader casualty industry, prompting cyber insurers to urgently reassess their risk appetites and premiums. And it looks like ransomware is to blame.
According to Insurance Journal, ransomware claims rose by 35% in 2020 and accounted for a whopping 75% of total cyber claims (Insurance Journal). Early predictions for 2021 appear even more grim.
The recent ExtraHop CISO survey supports this assertion. Of the 85% of respondents whose organizations experienced at least one ransomware attack, nearly three-quarters paid the ransom at least once. In most, if not all, of those cases, insurance was likely involved.
This rise in claims has alarmed insurers. If the number of claims continues at the current rate, ransomware is on track to become an uninsurable risk for insurance providers, who will grow to view it like they see a fire in California wine country or a flood in New Orleans—an inevitable risk. For California wineries and New Orleans residents, the solution is obvious, if painful. If the property you rely on for shelter or livelihood can't be protected financially or otherwise, relocation may be the only option.
But cyberattacks are not natural disasters. They are calculated efforts made by actors across the globe with very little to lose and everything to gain. And in our increasingly connected and interconnected world there is nowhere to move, and nowhere to hide.
So what happens when ransomware is deemed an uninsurable risk, as it seems likely it will be?
It's possible that the cost burden of ransomware will fall on the taxpayer. Much like the housing crisis of 2008, enterprises deemed "too big to fail" that are hit by ransomware will either need to be bailed out or risk extinction.
It's also possible that governments will decide to target ransomware syndicates much more aggressively with counter-cyberterrorism measures. Following the attacks on Colonial Pipeline and Kaseya, the US and other governments took out the operations of DarkSide and REvil. But this approach has its limitations. It's cost-prohibitive and would likely be reserved for only the most serious attacks.
in the Ransomware Kill Chain
The best chance organizations have to protect themselves and their customers, avoid paying the ransom, and maintain their reputations, is to build defenses that interrupt attackers before they spring their extortion trap. Ransomware actors have the first-mover advantage and will likely gain initial access to the network. Having 100% intrusion prevention is an impossible goal. Winning the fight against ransomware requires SecOps teams to be strategic by extending the detection window. It requires organizations to expand their attention, focusing on damage prevention instead of intrusion prevention to establish ransomware resilience.
The number one resource that modern ransomware attackers have on their side is the ability to slink around the enterprise environment, just out of sight, accumulating as many assets and as much data as they can to prime their payment calculus. Therefore, a defensive strategy must include the ability to shine a light on the dark corners where they're hiding and living off the land.
The good news is, extortion-driven intruders are not the type to stay in place. Their shameless drive for profit means that they're regularly moving around, looking for meaty data to damage, steal, and dangle over victim organizations. But, hidden in their greed is opportunity. Bad actors move laterally around your network. Organizations have ownership and visibility over their environment. If security teams are watching for the expansion tactics and lateral movement common to ransomware, it's possible to identify indications of compromise before the breach occurs.
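One way to watch for the lateral movement described above, as an added example that is not part of the original article: compare each internal host's admin-protocol peers in the current window against a baseline and flag hosts that suddenly reach several new internal machines. The flow-record shape, internal range, port list, threshold and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed for illustration (not from the article): internal range, port list,
# and the (timestamp, src, dst, dst_port) flow-record shape.
INTERNAL = ip_network("10.0.0.0/8")
ADMIN_PORTS = {135: "RPC", 445: "SMB", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}

def admin_edges(flows):
    """Map each internal source to the set of (internal peer, service) it reached."""
    edges = defaultdict(set)
    for _ts, src, dst, port in flows:
        internal = ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL
        if internal and src != dst and port in ADMIN_PORTS:
            edges[src].add((dst, ADMIN_PORTS[port]))
    return edges

def new_peer_fanout(baseline, window, threshold=3):
    """Flag sources that reached >= threshold internal hosts, over admin
    protocols, that they never contacted that way during the baseline."""
    known, alerts = admin_edges(baseline), {}
    for src, pairs in admin_edges(window).items():
        fresh = pairs - known.get(src, set())
        if len({dst for dst, _svc in fresh}) >= threshold:
            alerts[src] = sorted(fresh)
    return alerts

# Constructed sample flows: a jump host with a stable RDP routine and a
# workstation that normally talks only to one file server.
BASELINE = [
    ("d1 09:00", "10.0.5.20", "10.0.2.10", 3389),
    ("d1 09:05", "10.0.5.20", "10.0.2.11", 3389),
    ("d1 10:00", "10.0.1.15", "10.0.2.10", 445),
]
WINDOW = [
    ("d2 09:00", "10.0.5.20", "10.0.2.10", 3389),   # routine admin work
    ("d2 09:02", "10.0.5.20", "10.0.2.11", 3389),
    ("d2 02:11", "10.0.1.15", "10.0.2.10", 445),    # known peer
    ("d2 02:12", "10.0.1.15", "10.0.2.11", 445),    # new peers from here on
    ("d2 02:12", "10.0.1.15", "10.0.2.12", 445),
    ("d2 02:14", "10.0.1.15", "10.0.3.7", 445),
    ("d2 02:15", "10.0.1.15", "10.0.3.7", 3389),
    ("d2 02:20", "10.0.1.15", "203.0.113.5", 445),  # external, out of scope here
    ("d2 11:00", "10.0.1.16", "10.0.2.10", 445),    # one new peer, below threshold
]

if __name__ == "__main__":
    for src, peers in new_peer_fanout(BASELINE, WINDOW).items():
        print(src, "->", peers)
```

Baselining per host keeps the jump host's routine RDP sessions quiet while the workstation's sudden spread to three new machines stands out; the threshold and baseline length need tuning to the environment.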
By all measures, 2021 was a landmark year for ransomware. From record-setting ransom demands, to attacks on critical infrastructure and the first known supply chain-based ransomware attack, to the actions taken by the US government and its allies to take down perpetrators, it has become clear that we are facing an entirely new class of threat.
This new class of ransomware is sophisticated, well-funded, and its perpetrators are ruthless in the pursuit of illicit profit.
While there is no panacea for ransomware, there is hope. The scope and severity of attacks in 2021 brought new focus, urgency, and transparency to the problem of advanced cyber extortion.
New government initiatives aimed at curtailing the ability of ransom attackers to gain access to funds, combined with countermeasures that included shutting down major ransomware syndicates, represent an important shift in how authorities intend to treat attacks.
Likewise, private organizations and individuals are waking up to the reality of ransomware. From initiatives aimed at training employees to accurately spot phishing emails, to growing investment in cybersecurity, companies around the world are acknowledging the increasing severity of this evolving threat—and beginning to take action.