Ransomware Attacks for 2019 Outpacing the Number of Incidents in 2018

In its latest Cyber InFocus Report, "Adapting to the New Realities of Cyber Risks," Chubb provided insight into the recent growth of ransomware attacks across industries and underscored best practices companies should take to combat the associated risks.

"Ransomware is not new, but has evolved over time," said Michael Tanenbaum, head of Chubb Cyber North America. "In today's environment, the impact of a company's system becoming inoperable can result in severe and long-term disruption for a business. Some ransom demands have grown to the six- and seven-figure range, so it is critical for businesses to understand the increased sophistication of ransomware, what procedures and systems need to be in place to mitigate the risk, and what solutions they need to protect themselves should they experience an attack."

Manufacturing accounted for 23 percent and professional services for 30 percent of the total number of ransomware incidents reported to Chubb across all industries through the third quarter.

Manufacturing companies, Chubb said, are more likely to be targeted because of their need to quickly restore operations, and professional service firms, which rely heavily on email, are often affected because of vulnerabilities associated with phishing attacks. However, ransomware can affect any company, regardless of size or industry.

The report defined ransomware as follows.

Ransomware is a type of malicious software that typically encrypts a victim's data or network accessibility to data so that the victim can't use it for their ongoing business and operational functions. To decrypt the data or environment, the bad actor usually makes a ransom demand in the form of a cryptocurrency, such as bitcoin, in exchange for a decryption tool.

Also identified in the report were the most common targeted ransomware strains, including Bitpaymer and Ryuk, and how these strains use a "banking Trojan," such as Trickbot or Emotet, to infiltrate their victim's system.

"A Banking Trojan malware infiltrates the victim's system through an open remote desktop protocol (RDP) access point or a phishing email. The malware then allows the bad actor to see sensitive information in the victim's system, such as financial statements, which demonstrate the victim's ability to pay the ransom," the report said.

According to Chubb, "Bitpaymer and Ryuk are two strains of ransomware that have been impacting computer systems since 2018. Unlike earlier variants, these attacks are not random, but target victims that have the financial ability to pay higher ransoms, generally in the six- to seven-figure range."

The report revealed, "Ryuk accounts for 50 percent of known variants [Chubb has] seen in 2019."

Additionally, Chubb said an emerging ransomware strain called Sodinokibi specifically targets its victims and demands larger than average ransoms.

The Chubb Cyber Index^SM provides the following.

• Malware claims, which include ransomware, have risen to 18 percent of all cyber claims in 2019 from an average of 12 percent over the past 5 years.
• Ransomware accounts for 40 percent of manufacturers' cyber claims in 2019 thus far.
• Ransomware accounts for 23 percent of cyber claims for smaller businesses (revenue less than $25 million) in 2019.

"As bad actors are continuously changing their attack techniques and increasing the complexity of the ransomware, it's imperative to implement multiple layers of preventative measures to mitigate potential incidents and ensure a reaction plan is in place if an attack occurs," said Anthony Dolce, vice president, cyber lead, Chubb North America Financial Lines Claims. "By regularly backing up data files and securing those backups offline, properly educating employees, investing in state-of-the-art security and antivirus software, and purchasing a comprehensive cyber insurance policy, businesses can be better prepared and protected no matter the threat."