Repeat Ransomware attacks on 78% of victims who pay

    In November 2019, the FBI and US-CERT jointly issued a statement advising against ransom payments to hackers, asserting that such payments could embolden cybercriminals and exacerbate cybercrime. They urged victims to instead seek guidance from law enforcement or forensic experts.

    Echoing this sentiment, Cybereason’s latest ransomware report, titled ‘The Cost to Business Study 2024,’ revealed alarming trends. According to the report, 78% of organizations that opted to pay ransom found themselves targeted by a second file-encrypting malware attack, often by the same threat group responsible for the initial breach.

    Notably, the demand from threat actors in subsequent attacks tends to escalate, with victims facing a minimum 20% increase in ransom fees compared to their previous payment. Shockingly, over 56% of organizations fell victim to repeat attacks within the past 24 months.

    Compounding the issue is the lack of assurance that hackers won’t strike again or delete data from compromised servers, especially in cases involving double extortion tactics.

    This raises a pertinent question: Does cyber insurance cover repeat ransomware attacks?

    The answer hinges on the specific policy provisions and premium agreements. Typically, policy documentation outlines the scope of coverage for software and hardware in the event of a cyber attack. It’s imperative for Chief Technology Officers (CTOs) or Chief Information Officers (CIOs) to thoroughly inquire about coverage details before finalizing agreements with insurers.

    However, most cyber insurance policies include coverage for a single ransomware attack recovery, excluding subsequent incidents. Multiple ransomware attacks may signify a failure on the part of the victimized organization to adequately safeguard its IT infrastructure against cyber threats, rendering them technically ineligible for continued coverage despite negotiations with service providers.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display