A recent investigation by ProPublica has underlined a growing issue that is fueling the present ransomware crisis. Insurance firms are choosing to pay ransom demands because it is the best means of settling claims. A high ransom may be demanded, yet paying the ransom is still cheaper than covering the cost of restoring systems from scratch and retrieving data from backups.
Both the insurance provider and breached entity win when the ransom is paid. The insurance provider saves cash and since the majority of insurance policies simply need payment of a small deductible, so does the breached entity. Also, they are likely to get quicker access to their files and systems, which saves money and time by cutting down downtime. The hackers behind the attack are likewise happy since they got what they wanted.
This has been obviously confirmed in current attacks where the breached entity declined to pay up. The attackers behind the Atlanta City ransomware attack issued a demand of $51,000. The city did not pay and at the end paid about $8.5 million to take care of the attack. The Baltimore city also declined to pay the attackers $76,000 as ransom and at the end paid $5.3 million (and more).
There is obviously a drawback to paying a ransom. To do so allows the attackers to have the money to do more attacks. Paying hundreds of thousands in ransom payments sends the idea to other cybercriminals that it is indeed profitable to launch attacks. That simply motivates others to get on the ransomware bandwagon and begin conducting their own ransomware attacks. It is for this reason that the FBI warns against paying ransom.
The report additionally indicates that, in some instances, cybercriminals are picking companies with cyber insurance because there is a higher probability that the company will pay the ransom demand. The report mentioned that one company of cyber-insurance listed on its website information on a few of its clients and three of them encountered ransomware attacks.
Information regarding businesses that have cyber-insurance can likewise be obtained from SEC filings. Ransomware gangs could also use that information to locate potential targets.
It is unclear whether businesses are being targeted particularly because of having a cyber-insurance policy as there is little proof to back up such statements. More companies are not getting insurance, though it may just be coincidental that insured businesses have been attacked.
Many ransomware attacks still happen because of not identifying vulnerabilities and addressing the poor cybersecurity defenses. What is necessary is to have greater investment in cybersecurity alternatives, policies, and procedures so that ransomware attacks will not likely succeed, to begin with.