Mysterious Ransomware Virus Robs Hundreds of Thousands of Dollars from Firms

essidsolutions

Cyber insurance claims are rocketing after a surge in ransomware attacks that hijack computer networks and demand hundreds of thousands of dollars to unlock them.

Hackers using the newly-created Sodinokibi bug have targeted companies across the United States and Europe this summer, exploiting vulnerabilities in their computer systems.

The attackers promise to provide a decryption key if an organization pays a ransom in Bitcoin. Cyber insurance specialist Tom Bennett told the Financial Times that the ransomware’s insurance claims exploded in June and July.

Ransom payments reached $150,000, sharply higher than the average ransomware demand of $50,000. Insurance policies usually cover the ransoms as well as the costs of the temporary shutdown and disruption that an attack entails.

Both large and small companies were struck by the Sodinokibi bug. It often uses managed computer services providers as a bridge into the networks of several client organizations at once, launching multiple attacks simultaneously and driving up the insurance claims.

The identities of Sodinokibi’s developers are not known, but Bennett said the ransomware is programmed to avoid systems in the former Soviet Union.

Cybersecurity experts believe the Sodinokibi bug was created by the same developers behind the Gandcrab ransomware program active earlier this year. Gandcrab was known as a Ransomware-as-a-service program, in which the developers rented it out on the dark web to attackers and agreed to share the ransom.

A Cisco Talos intelligence report first identified Sodinokibi in April and noted its use in conjunction with Gandcrab. Sodinokibi enters a network through a vulnerability in Oracle WebLogic Server, a type of middleware that routes a user’s click on a webpage to the right back-end application.

The WebLogic vulnerability is easy to exploit for anyone with HTTP access to the server, and Oracle has released a patch for it. Cisco Talos rates the bug at 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), a critical severity.

Ransomware attacks have surged over the past year, according to research by Malwarebytes Labs, which makes cybersecurity software. In the second quarter of 2019, business detections of ransomware increased by 365% compared with the same period in 2018.

This is noteworthy because ransomware attacks had declined after a high in 2016 and 2017. Ransomware is a feature of the past decade: in 2012 there was only one family of ransomware programs, but by 2017 there were 343. That year was a high point for ransomware attacks, with families such as Locky, Cryptolocker and Cerber alongside WannaCry and NotPetya creating a storm of ransom demands. Total attacks surged by 400% over the previous year.

Some believe the threat receded because companies stiffened their defenses. Europol, the EU police agency, launched a “No More Ransom” project offering free decryption tools, which may have helped.

Another theory for the decline in ransomware attacks is that Bitcoin, the coin of the realm for cybergangs, experienced wild fluctuations in value in 2018, making it impractical to set a stable value for a ransom demand. The cryptocurrency is attractive to ransomware operators because it is difficult to trace.

Bitcoin’s stability in early 2019 may have encouraged the resurrection of ransomware, though the cryptocurrency’s volatility returned in June and July. Perhaps attackers were waiting for companies to lower their defenses after the 2017 onslaught. Attackers also had a couple of years to find new, easily exploited vulnerabilities in systems.

Going forward, businesses and government organizations must keep up their guard and pursue strong cyber strategies for protection.

That means they must back up all data and keep a copy offline, where ransomware on the network cannot reach it, even though that is a huge and costly chore for large organizations. They must also maintain a robust cybersecurity operation and keep training employees about the dangers of clicking on unknown links and scam emails.

Ransomware may be financially costly and time-consuming. But even more damaging is the harm a cyberattack wreaks on an organization’s reputation.