Chubb finds ‘alarming’ rise in ransomware attacks

Malware cyber attacks are on the rise compared to one year ago, according to Chubb, with a new type of strain on the rise.

The first half of 2019 has seen more ransomware attacks than 2018, catching the eye of the insurer in its third-quarter edition of its Chubb Cyber InFocus Report, where it called the rise “alarming.” That follows an 84% increase in ransomware attacks from 2017-2018.

While not a new threat, Michael Tanenbaum, head of Chubb cyber North America said that the attacks have evolved, with some demands reaching six- and seven-figures.

Therefore, “it is critical for businesses to understand the increased sophistication of ransomware, what procedures and systems need to be in place to mitigate the risk, and what solutions they need to protect themselves should they experience an attack,” he said in a statement.

Brokers who count professional services and manufacturing companies as clients should especially pay close attention as each industry accounted for 30% and 23%, respectively, of all incidents reported to Chubb so far this year.

Why manufacturing? Chubb said it’s because they need to quickly restore business operations. Meanwhile, professional service organizations rely heavily on email and are vulnerable to phishing attacks. Still, brokers who may not deal heavily in those sectors should still be aware of such threats to their commercial clients as Chubb warned that any company is at risk, no matter the size or industry.

A recent Leger poll, commissioned by the Insurance Bureau of Canada, found that 65% of small and medium businesses said their insurance professional hadn’t spoken to them about business cyber insurance in the last three years. For small businesses, ransomware has made up 23% of all cyber claims this year, according to Chubb.

The insurer also found that malware claims, which include ransomware, are up to 18% of all cyber claims this year. In the last five years, the average is 12%.

The two most popular ransomware attacks are Bitpayer and Ryuk, with the latter accounting for 50% of known variants seen this year, Chubb said. These consist of targetted attacks, rather than random ones, at those with the ability to pay higher ransom demands. It works through a “banking Trojan” type of malware. After infiltrating a target’s system through an open access point or phishing email, the malware can find sensitive information like financial statements to see if the company can pay a higher ransom demand.

Chubb also warned of Sodinokibi, which it said appears to be an evolution of Bitpaymer and Ryuk. It started showing up this spring and targets victims who can afford to pay larger ransoms. But what makes it unique is that it targets companies that provide IT services to other companies. So it infects through mass phishing campaigns with malicious links or attachments.

These evolving and more complex techniques make it “imperative to implement multiple layers of preventative measures to mitigate potential incidents and ensure a reaction plan is in place if an attack occurs,” said Anthony Dolce, vice president, cyber lead, Chubb North America financial lines claims.