Cyber Insurance Blog

Understanding the Risk of Ransomware Today

Understanding the Risk of Ransomware Today

It’s unlikely anyone using the internet still asks, “What is ransomware?” High-profile ransomware attacks like WannaCry in 2017 and the attack on Colonial Pipeline in 2021 have significantly raised this cyber crime’s profile.

But just in case: Ransomware is malicious software (malware) designed to encrypt a victim’s data, rendering it inaccessible until they pay the attacker a ransom in exchange for the decryption key. Payment is usually in a digital currency like BitCoin.

Ransomware is involved in 20% of all cyber crime incidents. And though ransomware payouts dropped sharply in 2022, that downward trend did not continue. In 2023, payments reached $1.1 billion—an all-time high. In the U.S. alone, in Q3 of 2024, the average ransom payment was more than $479,000.

Cyber security experts don’t expect threat actors to give up the “[l]ucrative low-hanging fruit” of ransomware any time soon. Why should they, when these malware attacks generate millions of dollars? Indeed, 2024 saw a 30% increase in active ransomware gangs.

Modern ransomware operators are launching attacks at new and more devastating levels. Emerging technology like generative AI is transforming the digital landscape, and criminals are leveraging it.

Cyber Insurance brokers play a key role in helping businesses and other organizations manage ransomware risks. Read on for more information you can share with clients about the latest tactics threat actors are using.

Ransomware Attack Tactics You Should Know About

Businesswoman detects phishing emails while working from her laptop. To understand how ransomware operators work, cyber security experts use “honeypots.” Honeypots are simulated attack surfaces designed to attract threat actors. These decoy targets gather information about criminals’ methods and tactics. For example, honeypots have revealed how threat actors launch ransomware attacks in multiple stages, compromising machines across an organization for maximum financial gain.

Results from honeypots illuminate the tactics ransomware criminals use. By understanding these tactics, Cyber brokers can help their clients protect against ransomware.

1. Advanced Email Phishing

Phishing emails appear to be emails from legitimate organizations and businesses. Criminals use these emails to trick recipients into downloading malicious attachments and infected files, or offering up sensitive information.

A form of social engineering, phishing emails are not new. Some 3.4 billion phishing emails get sent every day. But they have become more complex and harder to detect.

Phishing attacks no longer use generic emails. Threat actors now use automation and AI to send personalized, highly targeted messages to increase their attacks’ success rate. This tactic is “spear phishing.”

In 2022, more than four in five organizations experienced at least one successful phishing attack. Nearly a third of companies lost money. Since ChatGPT made its debut in the fourth quarter of 2022, malicious phishing emails have increased 1,265%.

2. Telephone-Oriented Attack Delivery (TOAD)

Businesswoman becomes skeptical while talking to a fraudulent call center representative over the phone.

In a TOAD attack, threat actors lure potential ransomware victims into contacting fraudulent call centers. The criminals can then install malware on victims’ systems, steal sensitive information, and launch ransomware attacks.

TOAD attacks have also become more sophisticated in recent years. Criminals use spoofing techniques to make the call seem as if it is coming from a legitimate source, such as a bank or government agency. They may also use automated voice messages or interactive voice response (IVR) systems to convince the victim a call is legitimate.

More than 10 million TOAD attacks occur every month. In 2023, 67% of businesses globally experienced one.

3. Adversary in the Middle (AitM)

This type of ransomware attack made headlines when it was launched to attack more than 10,000 organizations in 2021. In an AitM attack, threat actors pose as trusted entities, using fake websites to trick victims into revealing their login credentials. After gaining access to the user’s account, they can use it to install ransomware and encrypt sensitive data.

AitM attacks have become more effective as threat actors find ways to bypass multifactor authentication (MFA) on compromised accounts. One ready-made phishing-as-a-service (PhaaS) toolkit, for instance, lets attackers capture and exploit the credentials and session cookies of legitimate Microsoft 365 account holders.

4. Evolving Extortion Techniques

Businessman using laptop computer clenches fists in frustration, “System Hacked” warning screen overlaid on image.

Ransomware Malware Attack And Breach. Business Computer Hacked

Threat actors’ extortion techniques have also evolved, putting more pressure on victimized organizations and their stakeholders to shell out ransomware payouts.

For example, one ransomware gang filed an SEC complaint against one of its alleged victims for failing to comply with a four-day disclosure rule.

And hackers are now more likely to try blackmailing individual patients whose data or photos they’ve stolen. They may threaten to leak the sensitive information to the dark web if they aren’t paid, or conduct denial-of-service (DoS) attacks on victims who refuse to cooperate.

5. Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service (RaaS) allows cyber criminals to gain access to ransomware without creating their own. Malware authors offer their products, kits, or code to threat actors in exchange for money.

This service provides several advantages to attackers, including easy access to the latest ransomware and technical support for campaigns. RaaS has increased the number of ransomware attacks and diversified the threat landscape, making it harder for organizations, law enforcement, and government agencies to keep up.

Help Your Clients Mitigate Ransomware Risks

Portrait of smiling Cyber Insurance agent holding clipboard.

New attack vectors and increasing ransom demands show the increased complexity and effectiveness of modern cyber attacks. Any business or organization with a digital presence must have robust ransomware protection measures in place. Such measures include regular backups (including offline backups), employee education, and monitoring to prevent and detect potential ransomware attacks.

Another important measure is Cyber Insurance.

When an organization has strong Cyber Insurance, ransomware, while still a risk, is significantly mitigated.

The ransomware coverage Cyber Insurance provides typically covers ransom payments, recovery costs, and legal fees. It ensures businesses can swiftly recover from disruptions. Additionally, it provides resources for incident response and supports efforts to strengthen overall cyber security resilience.

At ProWriters, we offer more than 20 years of industry expertise in Cyber Insurance and risk management. Our partner brokers gain access to helpful tools, resources, and our Digital IQ Comparative Rate Platform, which allows you to quote multiple insurance carriers in minutes.

Contact us today for more information about how we can help you secure first-rate ransomware protection for your clients.

Subscribe to Our Monthly Newsletter!

    Retail vs. Wholesale Brokerage

    Experts Weigh In

    Get the eBook

    70 East Lancaster Avenue, Suite 102

    Malvern, PA 19355

    484-321-2335
    484-321-2339

    [email protected]

    Products

    Cyber & Privacy Liability Insurance

    Errors and Omissions (E&O) Insurance

    Directors And Officers (D&O) Insurance

    Services

    Risk Management

    Digital Distribution

    Wholesale Brokerage

    About Us

    FAQ

    Testimonials

    Careers

    QUOTE

    Contact Us

    Resources

    Cyber Insurance Blog

    Marketing Materials

    News & Press Releases

    © 2025 ProWriters Insurance Services, LLC | CA LIC. #0I27809 | Privacy Policy | Legal | Sitemap

    Farotech: A Philadelphia SEO Company