While other types of cyber fraud have been a large area of focus the last few years, ransomware remains a significant threat to businesses of all shapes and sizes.
“I can say we haven’t seen it slow down,” said Lindsay Nickle, partner, Constangy, Brooks, Smith & Profete, LLP. “We’re still seeing a hit increase from last year.”
“It’s still out there and about 90 percent [comes in] through phishing emails,” said Jonathan Biggs, vice president and director of risk management and education, Investors Title Insurance Co. “One of the biggest problems now that’s emerging is artificial intelligence (AI). It does not make ransomware possible, but AI is enhancing the way these fraudsters are able to craft emails and generate volumes of emails. So instead of being able to spot the emails more quickly because they might have been originated in a foreign language, now they’re coming in grammatically correct, the spelling is correct.”
NetDiligence’s 2024 Cyber Claims Study showed these findings.
“Ransomware is the leading cause of loss in the insurance world,” NetDiligence President Mark Greisiger said . “However, it’s very closely linked to the second cause of loss, business email compromise. … Every business sector touches both threats, and large and small companies. It’s Main Street and it’s Wall Street.”
The study, which looked at 10,000 cyber insurance claims, with information supplied by cyber insurance companies around the world, found the average demand for a small business was $3.1 million, with the ask in some instances being much larger.
Surefire Cyber Chief Delivery Officer Joe Tarraf noted threat actors are getting into environments the same way they always have.
“There are low-hanging fruit that the threat actors are always exploiting, things like publicly exposed remote desktop protocol or not enabling multi-factor authentication on a VPN,” he said. “These tactics are still very much prevalent.”
Nickle said the vast majority of threat actors operate a double extortion method, encrypting the environment and stealing the data as ways to extort payments. Some groups do one or the other, and some can pivot based on the situation. If a victim has good defense mechanisms that prevent encryption, the threat actor may pivot to an exfiltration.
For more on the threat of ransomware, including the tools and strategies that can be employed to protect against such threats, read the full story in our Cybersecurity Today special report, which can be accessed here.