DDoS Attacks and Ransomware: Increasing Losses due to Cyber-Extortion
It’s every company's nightmare: servers, networks, and business IT are unavailable due to a cyber- attack. Cybercrime is a part of everyday digital life, and online extortion has become a booming business. The economic consequences are costly. A recent study by Allianz subsidiary AGCS shows how expensive cybercrime can be for companies. Ransomware and DDoS attacks are the main cost drivers.
600 million euros in losses and an increase in loss reports
The damage caused by cybercrime is becoming increasingly expensive for companies and their insurers. This is the conclusion of an analysis by AGCS (Allianz Global Corporate & Specialty), Allianz’s center for global business insurance, which evaluated 1736 cyber-damage reports filed between 2015 and 2020. According to AGCS, the total losses amounted to 660 million euros*. The number of cyber-insurance claims is following an upward trend: Their number rose from 77 in 2016, when cyber-insurance was still a niche product, to 809 in 2019. Seven hundred and seventy claims were filed with AGCS in the first nine months of 2020.
Three reasons for the increase in claims
The increasing number of reported claims can only be partly explained by the fact that more and more companies are taking out cyber-insurance. Other factors – involving the attackers and the insurers – also come into play, including:
- increasing cybercrime activities in recent months and years
- the availability of cybercrime as a service, where non-professionals can commission cyber-attacks; and
- changing working conditions and greater digital attack surfaces in companies due to the Covid-19 pandemic.
Companies are increasingly aware of this risk. According to Allianz's annual Risk Barometer, cyber-incidents have topped the ranking of the most important business risks for companies worldwide for the first time.** In Germany and the Netherlands, damage caused by cybercrime ranks second behind business interruption. In contrast, cybercrime is considered the top risk in the UK and France.
DDoS attacks and ransomware attacks dominate
According to the AGCS figures, the largest losses in the cybercrime environment are due to "external manipulation of systems". Such manipulation is responsible for 85% of the damage amount, followed by internal attacks (9%) and technical failures (9%). Two types of external attacks stand out: ransomware and DDoS attacks.
Both types of attack can cause long-lasting outages and result in business interruptions of several days or weeks. The University Hospital of Dusseldorf (Germany) learned this painful lesson in September 2020. After the encryption of its servers by extortionists, the clinic needed a full month to return to normal patient operations.
The New Zealand Stock Exchange had to halt trading for four days at the end of August/beginning of September 2020 due to prolonged DDoS attacks. In addition to the stock exchange, numerous other companies in the financial sector were extorted with DDoS attacks. The ransom demands by cybercriminals posing as notorious hacker groups such as Armada Collective and Fancy Bear were not only aimed at companies in the Asia-Pacific region. They also targeted companies in North America and Europe.
Paying a ransom is not the solution
In view of these damage scenarios, it is often tempting for blackmailed companies to get rid of the problem by quickly paying the demanded sum without having to involve law enforcement, IT experts, or insurers. Since October 2020, the USA has put a legal stop to this. The law-enforcement authorities are now allowed to prosecute companies that violate sanctions by paying ransom. If the sanctions, aimed at known cyber-extortionists and certain states such as Iran and North Korea, are disregarded, heavy fines and imprisonment may be imposed. Under these circumstances, the victim can become the perpetrator himself.
Avoiding damage with planning ahead and expert help
Each company must decide how to respond to the increasingly complex cyber risks it faces. In almost every case, investments will be necessary so the firm’s protection solutions can keep pace with the perpetrators’ expertise. Companies must also invest either in trained specialist staff or external service providers. Both solutions are associated with additional costs, but the price that unprotected companies pay after an attack and failure can far exceed this. And their insurer will also link the company’s cyber-policy to good IT security.
*AGCS: Managing the Impact of Increasing Interconnectivity. Trends in Cyber Risk, November 2020
** Allianz Risk Barometer, Januar 2020
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
https://t.co/AtNMRQvCYI Did you know that 37,9% of internet traffic is made up of bots? Or that 20,4% of that amoun…
7 Retweets 6Read More
The Link11 360° degree DDoS Protection is... ➡️ Smarter: AI-based Whitelisting approach ➡️ Faster: Attack mitigati…
5 Retweets 4Read More
The European Organisation for Safety of Air Navigation revealed new cyber security statistics!…
1 Retweets 3Read More
➡️ Link11 Report discovers record number of DDoS attacks in first half of 2021. 1) DDoS at…
9 Retweets 7Read More
The European Union Agency for Cybersecurity (= ENISA) identified the most common cyber challenges/threats and issu…
5 Retweets 8Read More
⚠️ Have you been the target of a DDoS/ransomware attack, or even an extortion attempt? If this happens, don't worry…
3 Retweets 2Read More
https://t.co/a0lf7SPB37 Want to see more interesting facts, data and insights from the Cyber- & DDoS Attack threats…
15 Retweets 8Read More
❗ ️Warning: New wave of ransom DDoS attacks by Fancy Lazarus! Are you also affected? Don't worry, there are things…
6 Retweets 3Read More
Electronic Arts has suffered a big data breach resulting in hackers getting away with important source code for gam…
1 Retweets 1Read More
https://t.co/HqsAkp4Wk2 Are you passionate/curious about cybersecurity? Subscribe to our monthly Newsletter and sta…
7 Retweets 4Read More