Thirty-five years ago, subscribers to a World Health Organization AIDS conference list received a floppy disk in the mail. Ostensibly a survey, the disk actually delivered the earliest documented ransomware file. The file infected the host computer’s operating system. After a certain number of boot-ups, it encrypted the file names on the machine’s hard drive.
Ransomware attacks have grown exponentially more surreptitious and sophisticated since the AIDS Trojan incident. They’ve also become incessant. Experts estimated ransomware attacks were hitting businesses every 11 seconds in 2021. By 2031, that frequency should reach once every two seconds.
As a Cyber Insurance broker, you need to help your business clients understand the dangers ransomware poses, how to defend against them, and why Cyber Insurance is an indispensable part of any sound security strategy.
What Is Ransomware?
Ransomware is malicious software designed to block access to a computer system or data until the victim makes a payment.
The malicious files typically infiltrate systems through an email attachment or software download. Once activated, ransomware can rapidly encrypt files across multiple devices and entire networks.
Attackers frequently demand payment in cryptocurrencies like Bitcoin, due to such digital currencies’ anonymity and difficulty to trace. And ransom demands can be steep. In the first half of 2024, ransoms reached an average of more than $5.2 million per attack. The average ransom payment stands at $2 million.
Ransomware gangs promise victims a decryption key upon payment, but there’s no guarantee attackers will provide the key or refrain from releasing any data they access to the dark web, where other cyber criminals will pay top dollar for it.
No organization or industry is exempt from the threat of a ransomware attack. The associated costs often extend beyond immediate financial impacts to include long-term operational and reputational ramifications.
Recent Examples of Ransomware Attacks
Several high-profile ransomware attacks in recent years have underscored the urgent need for strong cyber security. Discussing them with your clients can help them understand why they must address and improve their cyber security posture.
Sony Ransomware Hacks
In September 2023, a ransomware gang claimed to have compromised all systems of the Sony Corporation. Rather than demand a ransom, the criminals advertised they would sell Sony’s confidential files on the dark web. Sony took its hacked server offline and launched an investigation. How much data these hackers acquired and how valuable it may be remains unclear.
The next month, however, Sony confirmed data of 6,791 past and present employees had been exposed in the worldwide MOVEit breach earlier that year. A security flaw in MOVEit, a popular file transfer program, allowed a ransomware gang to steal sensitive data. The attack affected at least 2,700 organizations and 93.3 million individual records.
The fact that Sony was hacked with ransomware twice in 2023 is especially notable because it fell prey in 2014 to another high-profile ransomware attack. Hackers sponsored by the North Korean government stole 100 terabytes of data, including the personal data of Sony employees and their families.
The 2014 hack cost $35 million to restore Sony’s financial and IT systems alone. In settling a lawsuit brought by affected employees, Sony agreed to pay up to $8 million, and up to $3.49 million in legal fees and costs.
CDK Ransomware Attack
On June 18, 2024, CDK Global, which provides software services to some 15,000 North American automobile dealerships, suffered a major ransomware attack that forced it to take several core IT systems offline. A second attack ensued during recovery.
During the outage, dealers resorted to manual processes to keep their operations running. Even so, delays and other problems plagued sales, servicing, credit checks and contract creation, and inventory management. Analysts from Anderson Economic Group estimate dealers lost both 56,200 new vehicle sales and $1.02 billion in business in the aftermath of the attack.
As of this writing, the exact cause of the CDK Global ransomware attack hasn’t been made public. However, attackers likely combined phishing emails—deceptive emails or messages tricking recipients into giving up information like usernames and passwords—with exploitation of weaknesses in CDK’s software. CDK reportedly paid a $25 million ransom to expedite recovery.
Change Healthcare Ransomware Attack
In February 2024, Change Healthcare, one of the world’s biggest health payment processing companies, suffered the largest known breach of protected health information (PHI) at a HIPAA-regulated entity.
The attack caused widespread disruptions in services from prescription processing, insurance eligibility verification, provider reimbursements, and delayed care.
This attack affected the PHI of at least 100 million people, or nearly one-third of the U.S. population. It occurred because the sensor through which the ransomware operators accessed Change’s internal network lacked multifactor authentication (MFA), a basic but often neglected cyber security protocol.
UnitedHealth, which owns Change Healthcare, paid a $22 million ransom in Bitcoin to the cyber criminals.
Ransomware Protection Strategies
Ransomware attacks represent a major threat to businesses’ operations, reputation, and bottom line. Employing robust protection strategies against ransomware infections is crucial.
These strategies include:
- Perform Regular Backups
Ensure all critical files and data are backed up frequently and stored in multiple locations, including offline options. These backup files can help restore infected devices without paying a ransom—or, even if a ransom is paid, help accelerate recovery.
- Make Software Updates Routine
Regularly update antivirus software, firewalls, and other security measures to combat evolving threats. Also apply software patches promptly to close the vulnerabilities ransomware campaigns exploit.
- Provide Cyber Security Awareness Training
Educate personnel to identify malicious emails. Stress the importance of not opening suspicious email attachments or downloading unknown files. Consistent awareness programs can greatly enhance an organization’s security posture.
- Carry Cyber Insurancer
Cyber Liability Insurance provides an additional layer of financial protection against ransomware attacks. Policies can help cover the costs of ransom payments, data recovery, business interruptions, and more.
ProWriters Brokers Make Clients Safer Against Ransomware Threats
When you become a registered ProWriters broker, you can help your clients protect themselves from the threat of ransomware attacks by finding and quoting them the Cyber Insurance policies they need, easily and effectively.
You’ll have access to our proprietary Digital IQ Platform. Use it to get detailed, comprehensive coverage quotes from leading carriers, ready for side-by-side comparison, in mere minutes.
You’ll also have access to our team of experts who can answer your questions, help you place complex risks, and give you resources and information to help you build a bigger book of Cyber business.
For expert insights about mitigating the risk ransomware attacks pose, watch our webinar. Then, get started registering as a ProWriters broker now.