2/9
  • Pages
  • Editions
01 Welcome to CRII
02 Intro: What is ransomware now?
03 The year ransomware declined (for some)
04 Trends: Attack Severity and Pay Ratio
05 Trends: 2023 Early Indicators
06 Trends: Targeted Industries
07 Industry Focus: Healthcare
08 Recent Vulnerabilities
09 Thanks for Reading

Ransomware: rise, fall, endemic?

In Spring 2023 we find ourselves at an interlude in the story of cybercrime. What is the prevailing theme of this chapter? It’s not as easy to spot as it has been in the past.

First it was breaches. In the early-mid 2010s customer data was the new oil, and attackers were stealing it to sell on the black market. The public was introduced to the idea of a “dark web,” and many household name brands like Target and Home Depot were caught up in the wave of data theft.

Then, for a time, we had the rise of ransomware, a seemingly inexorable trend that screamed from headlines and forced a major reorientation of both the cybersecurity and cyber insurance industries. It kicked off with the global-scale NotPetya attacks in 2017 and continued down the food chain to thousands of organizations across industries and sizes.

In early 2022, this “rise” narrative broke down following successful law enforcement actions against ransomware groups by the US and allies. That chilling effect was cemented by the invasion of Ukraine and the disruption it brought to the global ransomware ecosystem. (Keying off this decline, we devoted much of the last edition of the Risk Insights Index to discussing trends in other areas of cybercrime, such as fraudulent funds transfers).

So the story quickly shifted from one of crisis to one of ransomware decline, but not without a tinge of wariness. The questions swirled: when is ransomware going to ramp up again? And what will it look like when it does?

An answer now may be emerging. In the early months of 2023 we’ve seen a sudden explosion in the frequency of ransomware with 452 new victims’ data appearing on leak sites in March — a 60% increase year-on-year according to our analysis of dark web sources.

victims appeared on leak sites in March, a 60% increase over the previous year.

%

increase in healthcare industry ransomware victims between February and March 2023

This time, though, fewer organizations are caught off guard. More of them have cyber insurance, for one thing — along with enhanced security controls required by insurers since ransomware’s previous peaks. More organizations are able to face down attackers.

Relatedly, the research on cyber risk has advanced. At Corvus, for instance, we have honed our ability to find what we refer to as “pockets of air” in difficult industries. As we explore in this report, healthcare is one industry that has been hit hard in the recent rise, with a 750% increase month over month in attacks on healthcare-related organizations from February to March. And yet, healthcare organizations are 25% less likely to pay ransoms than average, and within our book of business healthcare has seen no change in attack frequency to date.

This shows the power of data combined with the right security insights. Just because ransomware is rising, or your industry happens to be targeted, doesn't mean you can't stay safe. With the collective experience of thousands of attacks on different types of organizations, the lessons — and the best actions to take — are thankfully clearer than ever.

So what is the story now? Is the rapid rise in ransomware resuming after a brief intermission? Is ransomware fundamentally changed by our collective response, rendering it a more consistent, lower-level threat? Will some new attack style come along? Time will tell, but no matter what we’ll be digging into the data to look for answers.

Share with others!

Legal Disclaimer: This report is intended for general guidance and information purposes only. This report is under no circumstances intended to be used or considered as specific insurance or information security advice. Please consult your broker with respect to the information presented herein.

Continue ﹥