What is Ransomware?
Ransomware is a type of malicious software, or malware, designed to prevent access to a computer system until a sum of money is paid. The software infects systems, restricting users from accessing files, or in some cases rendering files inaccessible for users. Cybercriminals achieve this by encrypting the system and will not provide decryption solutions until the company has paid the ransom demand. What is more, it doesn't matter the size of an organization for it to fall victim to ransomware.
The malicious software is usually contained within an attachment to an email that often looks perfectly innocent. Once opened it encrypts the hard drive, making it impossible to access anything stored on there.
Ransomware is the most significant cyber insurance claim trend at present, where the amount of incidents has gone up by 400% since last year, with considerable extortion demands, so both frequency and severity are being hit. In 2020 almost 70% of US organizations experienced a ransomware attack and paid the demand.
As a result of the surge in cyber incidents, regulators have shifted their perspective regarding privacy and cybersecurity infrastructure, where organizations are now being charged punitively high. It is increasingly important that businesses act with prudence as they consider spend and implementation of their IT security and privacy safeguards.
The dark web has become a marketplace for cyber-crime products. Different ransomware variants are growing exponentially now and coupled with the ever-expanding platforms on the dark web, bad actors can capitalize more than ever before. Fortunately, cybersecurity firms are becoming more aware of this and can track companies' vulnerabilities to prevent them from occurring in the first place.
In the past year, double extortion cases have picked up some pace, where system encryption is just the first block companies face. The genuine threat of leaking confidential data once the bad actors are in the system is the next trick up their sleeve, and this is where data exfiltration occurs. In many cases, the hackers will still release the data into the public domain despite the ransom demand being paid. As a result, this incurs several costs in addition to the loss of income and recovery expenses, including notification costs, PR, and regulatory fines.
How to Prevent a Ransomware Attack?
In order to prevent a ransomware attack, it's essential to understand the specific entry points for ransomware to exploit computer systems. One of the most widely used platforms is social engineering, otherwise known as phishing. Users click on malicious links in emails or open malicious attachments, allowing the malware to infiltrate the system. Network intrusion is another access route, often from a vulnerability exploit within the system. In many cases, the company may not even be aware of this vulnerable feature, which is an example of how critical it is to be prepared for an attack.
Drive-by downloads can also take advantage of known vulnerabilities in the software of websites. Malicious code is inserted into the website, and it can redirect victims to another site under the bad actors' control, which hosts software known as exploit kits.
There are best practices for companies to adopt to reduce the likelihood of being victimized:
Core security infrastructure is paramount, with antivirus software as a starting point.
Preparing for attacks by investing in cybersecurity and outsourcing to third-party experts
Communicating the threats across your organization effectively is critical and making sure the message runs through the company ethos as well as possible.
Providing regular training and phishing tests to all employees and ensuring cybersecurity hygiene rules are being abided by at all times.
Staying abreast of the ever-changing cybersecurity landscape to apply necessary upgrades and security practices.
Act fast. If a threat or incident is identified quickly, the hacker has less time to cause further damage. Often the time between attack infiltration and company response is too long, and it's those crucial hours or days that can make a massive difference to the overall impact.
How Can AM RE Help?
At AM RE, we utilize our primary SME cyber underwriting experience and longstanding relationships with MGAs to offer best-in-class support for cyber-SME products. Our cyber reinsurance policy can help to cover the cost of business interruption losses and regulatory fines. It can help cover the cost of restoring the network, recreation of data and ensuring minimal financial and reputational damage in the event of a ransomware attack.
We work as a reinsurance intermediary, offering you Property Casualty treaty reinsurance traditionally using a Quota Share model. As capacity tightens within the cyber market, we recognize that alternative solutions are required, and can provide you with a tailored approach to this class of business.