


Fortinet’s FortiGuard Labs Recaps State of Ransomware Settlements

Nov 17, 2022 · 5 mins


It’s painfully obvious at this point that ransomware continues to grow in popularity. As Fortinet’s FortiGuard Labs team found, the number of new ransomware variants doubled in just the first half of 2022 compared to the previous six-month period. It’s no wonder more companies are turning to cyber insurance to help recoup their losses when they do have to pay a ransomware settlement.

That’s an option – but think of it as a parachute for your parachute; it doesn’t take the place of having all of your other safety guards in place. Cyber insurance can also be a double-edged sword. It has grown in popularity and usually compensates for losses brought on by hacking and data theft, extortion and destruction. Because it sometimes covers ransomware costs, it may seem like a reasonable way to address this threat.

But cyber insurance isn’t nearly the panacea many firms were hoping for, since hackers are well aware that organizations with insurance are more likely to pay a ransomware settlement. Let’s consider additional options to mitigate ransomware’s threat.

Increase in ransomware and evolving methodology

Hackers are experimenting with new attack vectors connected to well-known exploits and executing them more frequently. Attackers continue to introduce new strains of ransomware and update, improve and reuse existing ones, making them more sophisticated and aggressive. Researchers at FortiGuard Labs found 10,666 ransomware variants in the first six months of this year; the previous period saw just 5,400.

The rise in popularity of ransomware-as-a-service (RaaS) on the dark web is chiefly to blame for the phenomenal increase in ransomware. To make quick money, cybercriminals purchase plug-and-play ransomware and use subscription-model services.

The state of cyber insurance and settlements

Even though having insurance that pays a claim is advantageous, anecdotes suggest that some organizations, particularly local governments with minimal cybersecurity capabilities, may be selectively targeted because they have insurance.

The cybercriminals are taking the time to do their research. Attackers demanding a ransomware settlement want to know if you have insurance, since they are aware that if you do, they are more likely to receive payment. Whether an enterprise has insurance or not is taken into account by criminals in their playbooks, and data from one ransomware survey indicates that particular organizations are frequently targeted, particularly if they pay.

Defeat the need for ransomware settlements with this checklist

It should go without saying that effective ransomware detection requires both technology and education. While you’ve probably already got your list of techniques, here’s a checklist of additional areas to consider when it comes to spotting and stopping ransomware attacks.

Use deception to entice – and repel – attackers: A honeypot is a ruse using false file repositories intended to resemble desirable targets for attackers. A ransomware hacker who targets your honeypot can be found and stopped. Cyber deception technology of this kind not only uses the ransomware’s own methods and strategies against it to set off detection, but it also reveals the attacker’s tactics, tools and procedures (TTP) that allowed it to successfully infiltrate the network. With this information, your team can find and patch up security holes.

Monitor the network and endpoints: With continuous network monitoring, you can record incoming and outgoing traffic, analyze files for signs of an attack (like failed modifications), create a baseline for normal user behavior, and then look into any anomalies. Use antivirus and anti-ransomware software to create a whitelist of legitimate websites. Finally, it is crucial to add behavioral-based detections to your security toolkit, especially as the attack surface grows and attackers keep upping their game with new, more sophisticated attacks.

Train your staff on the characteristics of ransomware: Today’s workforce needs security awareness training, which will help organizations protect themselves from constantly changing threats. Train staff on how to recognize ransomware warning indicators, including emails that appear to be from reliable companies, dubious file attachments and shady external links.

If necessary, add SOC-as-a-service to your team: Everyone needs to put in more effort to stay at the top of their game, given the present threat environment’s intensity, both in terms of velocity and sophistication. However, that only takes you so far. Outsourcing some duties, such as threat hunting and incident response, is a wiser way to work. Thus, it can be beneficial to work with a Managed Detection and Response (MDR) provider or a SOC-as-a-service solution. By supporting your team in this way, you may reduce distractions and enable your analysts to concentrate on their more high-value tasks.

Think outside the network: Consider looking outside of your own network when assessing the dangers you face. A digital risk protection (DRP) service can assist an organization in identifying and minimizing three additional risk areas as an extension to its security architecture: risks related to digital assets, risks related to brands, and risks related to hidden and immediate threats.
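The deception and file-monitoring items in the checklist above can be combined in a decoy-file check: seed false files, record a baseline, and alert on any change. This is an added example, not code from the article or from Fortinet; the decoy names, the 7.5 bits-per-byte entropy threshold and the tampering scenario in `demo()` are constructed assumptions.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names; choose names that look valuable in your environment.
DECOYS = ["payroll_2022.xlsx", "passwords_backup.txt", "contracts_final.docx"]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def seed_decoys(directory: str) -> dict:
    """Write the decoy files and return the baseline {name: sha256}."""
    baseline = {}
    for name in DECOYS:
        body = (f"CONFIDENTIAL {name}\n" * 200).encode()
        (Path(directory) / name).write_bytes(body)
        baseline[name] = hashlib.sha256(body).hexdigest()
    return baseline

def check_decoys(directory: str, baseline: dict) -> list:
    """Compare the directory with the baseline; return (kind, file, detail) alerts."""
    alerts, present = [], {p.name for p in Path(directory).iterdir()}
    for name in sorted(baseline):
        if name not in present:
            # A decoy that vanished was deleted, or renamed with an appended extension.
            renamed = sorted(p for p in present if p.startswith(name + "."))
            alerts.append(("renamed", name, renamed[0]) if renamed else ("deleted", name, None))
            continue
        data = (Path(directory) / name).read_bytes()
        if hashlib.sha256(data).hexdigest() != baseline[name]:
            bits = round(entropy(data), 2)
            alerts.append(("encrypted" if bits > 7.5 else "modified", name, bits))
    for extra in sorted(present - set(baseline)):
        if not any(extra.startswith(n + ".") for n in baseline):
            alerts.append(("unexpected", extra, None))  # no legitimate user writes here
    return alerts

def demo() -> list:
    """Constructed scenario: tamper with the decoys in a temp dir, return the alerts."""
    with tempfile.TemporaryDirectory() as d:
        root, baseline = Path(d), seed_decoys(d)
        (root / DECOYS[0]).write_bytes(bytes(range(256)) * 16)  # uniform bytes stand in for ciphertext
        (root / DECOYS[2]).rename(root / (DECOYS[2] + ".locked"))
        (root / "README_RESTORE.txt").write_text("constructed note")
        return check_decoys(d, baseline)
```

Because no legitimate process has a reason to touch the decoys, any alert from `check_decoys()` is worth investigating; run it on a schedule or from a file-change notification and feed the result to your alerting pipeline.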

Proactively avoid ransomware settlements

With ransomware now a “when,” not an “if,” cyber insurance may be an increasingly appealing option for many companies. Yet even though the amount of ransomware is increasing, there are many technologies and processes that can help your team reduce the risks brought on by this growing threat. From ongoing cyber training to state-of-the-art tools, you can defeat clever attackers and bypass the need for ransomware settlements.