Ransomware attackers are using a multitude of techniques to gain access in attacks that are becoming “more frequent, more sophisticated, and more effective,” according to new report compiled from surveys with more than 1,000 IT professionals.
Additionally, organizations breached in the past continue to be at risk, and many of them don’t believe they’re fully prepared for another ransomware attack, shows Cybereason’s Annual Global Study On Ransomware Business Impact report.
“If I could have one wish for 2024, it would be that we stop calling ransomware by the same name. It fails to describe the true impact of an attack,” writes Greg Day, Global Field CISO, vice president, Cybereason. “What started as the simplest of notions—encrypting data and extorting money to return access to it—evolved into a complex ‘Swiss army knife,’ like the blended attacks back in the early 2000s. Now ChatGPT has arrived on the scene and it’s driving the next evolution of ransomware.”
Related article: Haute Cyber? Attackers Are Strutting Into 2024 With More Sophistication
The report lists supply chain (41 percent), direct access (24 percent) and insider assistance (22 percent) as leading ways attackers are using ransomware to gain access. The report shows the U.S faces the highest ransom dollar amounts, with reported average payments that totaled at $1.4 million, while non-English speaking countries are also being increasingly targeted. France ($1 million), Germany ($762,000) and the U.K. ($423,000) followed with the highest ransom payments.
According to the report, 46 percent of impacted businesses estimated losses of between $1 million and $10 million, while 16 percent estimated losses in excess of $10 million. ChatGPT, a generative AI tool used to answer general questions, is also being used as a means to accelerate attacks, the report shows.
“Businesses everywhere are working out how best to leverage generative AI to become more effective and efficient at scale. And so are bad actors,” the report states. “They are using tools like ChatGPT 4.0 to collect personal information, craft professional-looking messages, and more effectively translate them into any language.”
Cyber insurance is one good answer for businesses, but too many lack a clear understanding of what is covered, which leads to unexpected payouts and incomplete protection even though 95 percent of organizations have enhanced their resilience with insurance, according to Anjali Das, co-chair of Wilson Elser’s National Cyber Security and Data Privacy practice.
“On the one hand, you have first-party breach response that does the technical forensics investigation by cyber security experts. And it covers the legal fees by outside counsel,” Das said, adding that “a lot of policyholders have the benefit of having direct access.” Cyber polices “also have third-party liability coverage and business interruption cost.”
Ransom payments do not guarantee that all data will be returned. In fact, 84 percent paid the ransom but only 47 percent got their data and services back uncorrupted, the Cybereason report shows. That enables attackers to possibly ask for more to give it all back.
Listed reasons for paying the ransom included: “Attackers threatened to disclose sensitive information;” “We feared loss of business;” “It seemed to be the fastest solution;” “It was a holiday/weekend and we were short-staffed;” “It was a matter of life and death;” “We didn’t have backup files.”
Deborah Dioguardi, senior vice president and Professional Lines National Practice Leader of JENCAP Specialty Insurance Services, shared numbers concerning the average cost of a cyber ransomware attack for small- and medium-sized businesses, and who is liable for the damages that happen during an attack.
“The average cost for a small- to medium-sized business on a claim that we’re seeing payout-wise is about $200,000 to $350,000,” Dioguardi said. “A business is responsible for anything that’s in their care [or] custody.”
“Even if the breach didn’t occur on their end and maybe it might be a third-party vendor, the business is held responsible for that because they’re supposed to protect their clientele.”
According to the report, the threat continues to evolve, and it is clear from research that business ransomware resilience plans are not keeping pace.
Adam Lantrip, senior vice president of CAC Specialty’s Professional & Cyber Solutions, highlighted countermeasures businesses may consider when facing cyber-attacks.
“It’s a constant process, and I think for clients, it’s a realization that it is a process we’re never going to be 100 percent impenetrable,” Lantrip said. “Just because we’re not vulnerable to this type of loss over here doesn’t mean we’re going to be invulnerable to a type of loss over there.”
Lantrip has also seen cyber activities on the rise.
“Activities is definitely up; the activities higher this year than over the last couple of years or maybe even a couple of years combined,” Lantrip said. “We are seeing a handful of different types of attacks.”
He added: “People are going after data warehouses and cloud providers seeking to either steal or access data on lots of companies that’s housed in a single repository.”
The Cybereason report shows “more complex, low-and-slow attacks are designed to compromise as much of the targeted network as possible to extract the highest ransom” in what are known and “RansomOps attacks.” Most (56 percent) businesses did not detect a breach for three-to-12 months.
Additionally, the targets of attacks were predominantly: intellectual property (trade secrets); protected health information; account credentials; personally identifiable information; customer data, the report shows.
Nehemiah Balaoro is a student at California State University, Long Beach, who is working as an intern for Wells Media Group.