Content, Content, Ransomware

Ransomware Payment Demands Triple in 1H 2021, Coalition Reports

Ransomware groups demanded three times the payoff from their cyberattack victims in the first half of 2021 compared to the corresponding period in 2020, said Coalition, a cybersecurity insurance provider, in a new analysis of 50,000 of its policyholders in North America.

The company’s H1 2021 Cyber Insurance Claims Report found that the average ransom demand made to its policyholders during the period roughly tripled to $1.2 million per claim from $450,000 the year earlier.

In an interesting twist, while the average ransom demand skyrocketed year-over-year, the figure slipped $112,000 sequentially from the $1.3 million in 2H 2020. Coalition suggested that the slight tumble resulted from its policyholders sharpening their skills at negotiating lower ransom payments and becoming more adept at backing up their systems and data. “That is a large price to pay for any organization, and is a nearly 170 percent increase from the average demand in the first half of 2020,” the San Francisco, California-based company said.

As for financial fraud, the average amount of funds stolen increased 179 percent to $326,264 in the first half of this year from the $116,842 in the same period last year, the company’s data showed.

The bottom line? “We’ve processed more claims across more organizations in the first half of this year than in any other period,” Coalition said.

Research: Five Cyber Attack & Cyber Insurance Trends

The insurer said its claims data revealed five prevailing trends:

  1. Cyber crime is ballooning, led by a 51 percent jump in business email compromise incidents and a 28 percent vault in financial fraud events.
  2. Ransomware is growing in severity.
  3. Criminals are exploiting remote working.
  4. Microsoft remote desktop protocol (RDP) has become a favorite target of hackers.
  5. Smaller companies are increasingly targeted by ransomware crews.

Here’s some more of Coalition’s supporting data:

  • Nearly 50 percent of attacks against Coalition's policyholders were initiated by phishing and social engineering.
  • The rate of policyholders who experienced a claim due to exposed RDP from 1H 2020 to a year later increased from 29 percent to 40 percent. The severity of these incidents increased by 103 percent.
  • The frequency of incidents reported for organizations with under 250 employees increased 57 percent from the first half of 2020 to 2021.

"Bad actors are targeting everything from critical infrastructure to the corner store," said Joshua Motta, Coalition chief executive and co-founder. "We believe that when organizations understand their risk profile and take proactive steps to reduce their risk, they can safely embrace new technology and remain resilient to cyber attacks.

Cyberattack Forecast: Six Cyber Crime Predictions

Coalition made six predictions for cyber crime in 2021 and beyond:

  1. Ransomware will remain the single biggest threat for all organizations. Ransomware frequency will increase moderately but severity will flatten. “There is little leverage left to be gained beyond that which criminals already have after taking an organization’s operations hostage. (Note: MSSP Alert has seen some victims reporting that ransomware hackers have hit them multiple times.)
  2. The cyber insurance market will continue to harden throughout the year. It will be harder to qualify for cyber insurance with underwriters requiring potential policyholders to implement many common cybersecurity controls and address identified vulnerabilities as a condition of coverage.
  3. Supply chain attacks will be more common. Criminals will increase their targeting of software and service providers that other organizations rely upon.
  4. Government regulation and scrutiny will increase. Expect more regulation and more public frameworks from government institutions worldwide with new laws that require far greater disclosure of cybersecurity incidents.
  5. Criminal attacks will follow nation-state attacks. High profile attacks are typically motivated by espionage rather than financial gain but the exploits used often make their way into criminal hands, a trend Coalition expects to continue.
  6. Most cyber attacks will continue to be easily avoidable. Phishing, exploitation of remote network access points, exploitation of unpatched software with known vulnerabilities, and weak credentials will continue to be the main causes of cyber incidents.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.