- Ransomware operators demand more if they see that their victim has cybernetic insurance
- Companies with cybernetic insurance generally pay higher rescue demands
- Those with a support solution are less likely to pay at all
Ransomware operators will significantly require more money if they discover that the company they were addressed has cybernetic insurance, as new research has found.
The discovery was made by a Dutch police officer Tom Meurs while working on his doctoral thesis, who saw him analyze 453 ransomware attacks between 2019 and 2021, discovering one of the first things that the actors of threat do, after obtaining access to the objective environment, is to look for documents of a cyber insurrecy policy.
If they find it, the rescue demand. In general, it increases by a 2.8x factor, but if they also manage to steal confidential data in the process, rescue demand increases 5.5 times.
Praising the fall
This discovery is in line with what cybersecurity researchers have seen in the past: ransomware operators trying to talk about organizations to pay the rescue demand, arguing that, since they have insurance, they essentially have nothing to lose.
The police are usually against paying the demand, saying that it feeds more cybercrime.
The researcher also determined that insurance companies pay the rescue demand 44% of the time. Those who are not insured paid 24% of the time. Those with insurance pay, on average, around $ 800,000, while those who are not – $ 150,000.
“Often read in chat messages that cybercounts are sent to each other, or in illegal markets where login details are sold, which specifically seek companies of sectors that pay a lot,” said Meurs.
“My research shows that the particular ICT sector pays high amounts.
The best thing you can do, to mitigate the risk, is to have a strong backup solution, Meurs concluded. Those with a backup have 27 times less likely to pay the rescue demand, he found in the investigation.
Through The registration
