Resilience Report: Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

Source: Resilience | Published on October 20, 2023

Christie's ransomware

Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

  • Cybercriminals are returning to “big game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment.
  • Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
  • Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically-efficient manner.

To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

About Resilience

Resilience is the cyber risk solution company that’s on a mission to help make the world cyber resilient. Founded in 2016 by experts from across the highest tiers of the U.S. military and intelligence communities and augmented by prominent leaders and innovators from the insurance and technology industries, Resilience helps financial, risk, and information security leaders continuously improve their organizations’ cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce actionable cyber hygiene.

Resilience is proud to be backed by leading technology investment firms including General Catalyst, Lightspeed Venture Partners, Intact Ventures, Founders Fund, CRV, and Shield Capital. With headquarters in San Francisco, Resilience’s team is globally dispersed, with offices in New York, Chicago, Baltimore, Toronto, London, and Dublin. Resilience offers insurance coverage through its licensed and appointed insurance agency and security services through its expert security team.