Ransomware attacks are occurring frequently worldwide, but victims in the U.S., Canada, the U.K., Germany, and Australia are hit, on the average, with a ransom demand that is $214,096, or 26% higher, than the global average.
And the road to ransomware recovery seems just as troublesome.
Insurance Companies Are Denying Claims
Increasingly, security insurance claims are being denied. In the first half of 2020, 41% of cyber-insurance claims were related to ransomware attacks. As ransomware becomes more common, insurers have imposed limits or stopped covering ransomware altogether. In the U.S., 73% of insurers are declining more applications for cyber coverage. Insurers are reducing coverage for high-risk sectors, auditing applicants’ security when they apply, lowering total coverage limits, and capping ransom payouts, reducing the amount of ransom recovered by claims.
Regulatory changes will increase costs to businesses that fail to prevent an attack. Within the EU, GDPR imposes fines on businesses that fail to protect consumer data. In the United States, California’s CCPA allows consumers to sue businesses after a breach — without having to prove the breach caused harm. In 2020, the U.S. Treasury began prosecuting those who facilitate ransomware payments made to sanctioned individuals and jurisdictions. Worldwide, law enforcement agencies discourage ransomware payments on the theory that giving in to demands encourages more attacks. So far, paying ransoms is not illegal, but the legal repercussions for the attack can make paying them as productive as not.
Ransomware is Becoming More Complex
Ransomware attacks are becoming more and more multitiered. Many people stereotype ransomware attacks to resemble the 2016 WannaCry attack. Now, ransomware attacks target more aspects of an organization. Attacks are often coordinated with network penetration, credential harvesting, attacking backups, and double extortion. In addition to all of these overt attack strategies, are attacks at the software level.
‘Zero-day’ describes a computer-software vulnerability unknown to those who should be interested in its mitigation. This includes the vendor of the target software. The latest target of a zero-day attack was an IT management software for MSPs and IT teams called Kaseya. This compromised both the software and the software’s clients, impacting up to 1,500 businesses that have been targeted.
Safeguarding your business from ransomware attacks is increasingly important. Attacks like the one on Kaseya make it evident that securing your business is only the start. You must also safeguard your asset as a client, from the software that stores much of your vulnerable data.
The true extent of ransomware is unknown. Most likely, many victims pay the ransom demand and never report the breach, but known ransomware attacks increased 700% in just 2020. Three out of every four IT organizations are predicted to be targeted by at least 1 ransomware attack by 2025. Business operation interruptions caused by ransomware attacks can cost up to 23x more than the ransom itself, pushing the current total cost of ransomware attacks to more than $20 billion annually.
You can protect your business from cyber attacks, safeguard your data, and avoid the devastating consequences suffered by ransomware victims.