- Ransomware operators are demanding more if they see their victim has cyber-insurance
- Companies with cyber-insurance usually pay higher ransom demands
- Those with a backup solution are less likely to pay at all
Ransomware operators will demand significantly more money if they discover that the company they targeted has cyber-insurance, new research has found.
The discovery was made by a Dutch police officer Tom Meurs while working on his PhD thesis, which saw him analyze 453 ransomware attacks between 2019 and 2021, discovering one of the first things threat actors do, after gaining access to the target environment, is search for documents of a cyber-insurance policy.
If they find it, the ransom demand spikes. Generally, it increases by a factor of 2.8x, but if they also manage to steal sensitive data in the process, the ransom demand is increased 5.5 times.
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)
Praising the downfall
This discovery is in line with what cybersecurity researchers have seen in the past - ransomware operators trying to talk organizations into paying the ransom demand, arguing that since they have insurance, they essentially have nothing to lose.
Law enforcement is generally against paying the demand, saying that it fuels more cybercrime.
The researcher further determined that companies with insurance pay the ransom demand 44% of the time. Those that aren’t insured paid 24% of the time. Those with insurance pay, on average, around $800,000 while those without - $150,000.
"I often read in chat messages that cybercriminals send to each other, or on illegal marketplaces where login details are sold, that they are specifically looking for companies from sectors that pay a lot," Meurs said.
"My research shows that the ICT sector in particular pays high amounts. Companies from this sector often supply the ICT for many other companies, which means that multiple companies are victims of a single attack. This may be why the willingness to pay is higher."
The best thing to do, to mitigate the risk, is have a strong backup solution set up, Meurs concluded. Those with a backup are 27 times less likely to pay the ransom demand, he found in the research.
Via The Register
You might also like
- The impact of the cyber insurance industry in resilience against ransomware
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers