Ransomware attacks have increased in frequency over the past few years. They now rank as the second most frequent type of claim against cyber insurance policies. Experts estimate that a new business is hit with a ransomware attack every fourteen seconds. For 2019, early information is showing that the frequency of ransomware attacks may be decreasing. This seemingly positive trend comes with two significant drawbacks however.
First, hackers responsible for ransomware attacks are increasingly refusing to turnover encryption keys to businesses even after payment of ransoms. Instead, these cyber criminals have started to use the initial payment as an attempt to assess the severity of the damage their attack has caused and use that to request and even larger secondary ransom. This significantly complicates the way in which companies need to respond to ransomware attacks. Businesses can no longer assume that prompt payment of the ransom will allow them to get back up and running.
Second, the severity of ransomware attacks has increased significantly. Experts have predicted that the amount of ransom demanded would increase for several years. 2019 is showing that prediction coming true, with ransom demands being reported in the hundreds of thousands or even millions of dollars. This is a significant change from the previous way these hackers did business, which often involved comparatively small ransom demands aimed at encouraging companies to pay faster.
Ransomware attack severity is also increasing due to larger and larger contingent business interruption losses. Traditionally, the total loss from a ransomware attack was three to four times the amount of the ransomware payment. Most of the expense from a ransomware attack goes to forensics and other technical expenses. As ransomware attacks become more diverse and more technologically complicated, those expenses increase. That also means that the expected downtime for the business increases as well, leading to larger and larger business income losses.
It is impossible to fully stop or protect one’s self against ransomware attacks using only technological solutions. Companies need several things in place to adequately respond to a ransomware attack to help prevent them in the first place, but also to help mitigate against the extent of damages if an attack does occur. These involve employee training to prevent hackers gaining access to your system, robust, adequate cyber insurance with both loss prevention and response elements, and a detailed response plan laying out appropriate actions in advance. While more simple steps like regularly backing up your system can help significantly, such actions only go so far against increasingly sophisticated cyber criminals.