Data Security

Insurance companies are paying hackers to cause ransomware attacks and sell more policies

Ransomware attacks are increasing exponentially around the world. Although this has multiple causes and explanations, information security services specialists agree that one of the practices that have contributed the most to this increase is the decision of insurance companies to offer policies for ransomware attacks and other information security incidents. There are even those who make more severe claims, raising the possibility of hackers acting in complicity with insurance companies to keep selling more policies.

A recent investigation into companies that offer cybersecurity incident insurance policies has revealed that hundreds of these companies choose to bear the costs of ransomware incidents; for example, some companies do not mind investing tens or even hundreds of thousands of dollars to retrieve their information. “The costs of such an incident can increase to several million dollars, so it is normal for companies to decide to pay a lower expense if possible,” the investigation says.

An example is the city of Baltimore. According to information security services specialists at the International Institute of Cyber Security (IICS), after a serious ransomware attack, the city government refused to pay a million-dollar ransom in Bitcoin. However, the incident recovery costs have already exceeded $6M USD; the city government has even resorted to diverting resources meant for maintaining public spaces to this recovery process.

According to the information security services experts, the highlight of this investigation is the fact that insurers benefit from ransomware attacks when victims decide to negotiate with hackers. In many cases, the option of using information backups or trying to remove the encryption with known tools is not even considered.

After an organization suffers a ransomware attack, it is possible for it to regain access to its information on its own, by trying decryption keys or resorting to backups. However, this is a long and costly process, and requires limiting some of the operations in the affected organization. In the end, paying is beneficial for hackers, as they get the expected ransom, and for insurance companies, which can continue to sell protection policies in case of ransomware.

“File recovery usually requires investing considerable financial and intellectual resources. All IT employees in a company must participate, sometimes in collaboration with external information security services teams, which is highly wearying for a company, not to mention public relations-related issues, data protection law breaches, among other problems,” the investigation says.

Recovery costs are not the only drawback. A report recently released by the FBI mentions that, despite paying the ransom and recovering the compromised information, victims of a ransomware infection may suffer the consequences of an attack long after it occurred. “Many times, even if the encryption is removed, there are multiple unidentified programs left on the infected systems, which may compromise the security of your information in other ways besides file encryption,” the report states.
