Ransomware gangs targeting businesses which hold cyber insurance policies
March 23, 2021 |
I recently gave a presentation on data breaches where I highlighted as a trend the matuation of ransomeware strategies and attacks. This is point raised in the Cyber Security Industry Advisory Committee report, I posted on recently, titled Locked Out: Tackling Australia’s ransomware threat. Hackers are known to target businesses with cyber insurance and make demands in line with the coverage of the policy. That presupposes knowledge of policy details, acquired from the target businesses or the insurer or its brokers.
In a wide ranging, techy speak and a little shambolic interview on The Record an anonymous member of REvil, a hacking group, confirms that businesses with cyber insurance are targeted with:
S: Do your operators target organizations that have cyber insurance?
UNK: Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.
And unfortunately REvil has developed a new ability to encrypt files in Windows Safe mode. That means it is more likely to avoid and much security software.
And in the last few days Stratus technologies was hit with a ransomware attack. AdvIntel has conducted research which reveals that one in three ransomware attacks worldwide targets a Latin American country. The cybersecurity networks in that continent are notoriously weak.
The message is clear, businesses need to take the threat of ransomware more seriously which means spending more time and resources on developing proper cyber security networks and properly training staff. Unfortunately many businesses do not enough of the first and very little of the second.