Ransomware incidents rising again as criminals use data exfiltration and supply chain attacks to maximize their leverage.
Allianz Commercial has issued a recent report warning of a concerning resurgence in ransomware and extortion incidents in 2023, following two years of high yet stable loss activity in the cyber threat landscape. This resurgence is accompanied by hackers increasingly targeting both IT and physical supply chains, orchestrating mass cyber-attacks, and devising novel methods to extort money from companies, regardless of their size. Notably, most ransomware attacks now involve the theft of personal or sensitive commercial data, elevating the cost and complexity of incidents while posing a higher risk to a company’s reputation.
Analysis of significant cyber losses by Allianz Commercial reveals that the number of cases involving data exfiltration has been steadily rising, nearly doubling from 40% in 2019 to nearly 80% in 2022, with a notable increase expected for 2023.
Scott Sayce, Global Head of the Cyber Center of Competence for Allianz Group, notes, “Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics.” He anticipates around a 25% annual increase in the number of claims by the end of the year and emphasizes the importance of developing robust detection and swift response capabilities as essential elements of a well-protected company.
The Allianz Commercial report reveals that in 2022, cyber claims had stabilized, a reflection of improved cybersecurity and risk management among insured companies. Law enforcement efforts targeting cybercriminal groups and the Ukraine-Russia conflict had also contributed to this stability. However, during the first half of 2023, ransomware activity increased by 50%. Ransomware-as-a-Service (RaaS) kits, with starting prices as low as US$40, continued to be a driving force behind the surge in attacks. Furthermore, ransomware groups have accelerated their attacks, with the average time to execute an attack decreasing from approximately 60 days in 2019 to just four days.
Double and triple extortion incidents, combining encryption, data exfiltration, and Distributed Denial of Service attacks to obtain money, are becoming more common. Several factors contribute to the attractiveness of data exfiltration for threat actors, including the increased collection of personal information, tightening global privacy and data breach regulations, and the rise of outsourcing and remote access, providing more opportunities for exploitation.
Data exfiltration significantly increases the cost of a cyber claim, prolonging the resolution process and incurring high expenses for legal and IT forensics. Companies must also notify customers if data is stolen, potentially leading to compensation claims or threats of litigation.
Several large-scale mass ransomware attacks have occurred this year, targeting multiple companies by exploiting software vulnerabilities and weaknesses in IT supply chains. The MOVEit mass cyber-attack, for example, impacted millions of individuals and thousands of companies, contributing to the increased frequency of claims in 2023.
The report also highlights the growing number of cyber incidents that become public knowledge due to threats from hackers to publish stolen data online. This trend, combined with the theft of data, may lead companies to consider paying ransoms. The number of companies paying ransoms has increased from 10% in 2019 to 54% in 2022. However, paying a ransom for exfiltrated data does not necessarily resolve the issue, as companies may still face third-party litigation for data breaches.
The report underscores the importance of early detection and rapid response capabilities, as threat actors increasingly explore the use of artificial intelligence to automate and accelerate attacks. External manipulation of systems is the primary cause of more than 80% of all cyber incidents. While prevention is crucial, the focus should also be on detection and response, as early detection and response can prevent minor IT incidents from escalating into major crises.
In conclusion, the evolving ransomware threat landscape in 2023 necessitates a renewed focus on cybersecurity, early detection, and rapid response measures to mitigate the impact of cyberattacks and ensure a sustainable cyber insurance market.