Ransomware is a sobering item on every organization’s list of things to worry about. New data shows it might be more problematic than ever as the average ransomware demand reached $1,571,667 in the second quarter, more than double the average in the first quarter, according to “Q2 2024 Cyber Threat Report: Ransomware Season Arrives Early” from Corvus Insurance.
That is the highest demand average since the second quarter of 2022, says Corvus, a subsidiary of The Travelers Cos. Inc. Concerning, too, is that the average ransomware payout of $626,415 is a record high, surpassing the previous high of $600,000 in the same quarter of 2022. Corvus offers insurance for cyber incidents.
One factor in that increase is that companies without effective backup strategies may be more likely to pay the ransom in order to resume regular activities.
“Although threat actors control how much is demanded for ransom, certain measures can impact the propensity of an organization to pay that ransom,” the report says. “The presence of backups is a significant factor. Given that ransomware’s primary goal is to render data inaccessible through encryption, those without robust backups are more likely to have their hand forced in a ransom situation—2.38 times more likely to pay a ransom, to be exact, according to recent Corvus claims data.”
The Corvus research found 1,248 ransomware victims posted to leak sites, a 16% increase from the first quarter and an 8% increase year-over-year. Leak sites are where ransomware groups share details of their victims, according to Corvus. Data for the report is collected from these sites.
“Relying on regular crawls of these dark web leak sites, Corvus is able to continually monitor for insureds and partners but also uses the aggregated data for these analyses,” a Corvus spokesperson tells Digital Transactions News by email. “As with most other datasets in existence, this is an incomplete picture of all ransomware attacks. Victims who quickly comply with threat actors’ demands and quietly pay a ransom have a much lower likelihood of appearing on a leak site and therefore would not be measured in our assessments of ransomware velocity. There will always be a percentage of attacks that are unknown.”
Backed-up data, however, is not a one-stop fix for ransomware. “While [backups] do reduce the chances of a ransom being paid and reduce the cost of claims overall, they don’t completely eliminate risk,” the report says.
“Ransomware operators have evolved their tactics,” the report continues, “recognizing that many organizations possess valuable and sensitive information. They exploit this by engaging in double-extortion schemes—they not only encrypt the data, but they also exfiltrate (steal) it, threatening to release it on the dark web. In 2024, data theft was involved in 93% of ransomware incidents among Corvus policyholders, a dramatic increase from a rate of less than 50% as recently as 2022.”
In the second quarter, financial services accounted for 2.5% of the attacks analyzed by Corvus, placing it among the top 10. Construction, at 6.5%, information technology services, 4.%, and hospitals and health care, 3.9%, were the top three targeted industries.
Backups and employee education may help reduce ransomware attacks, but they alone are not enough, Corvus says. “These trends also serve as a clarion call to organizations across all sectors: the need for robust, multi-layered security strategies has never been greater. As we navigate through the rest of 2024, businesses must take a proactive stance toward better security and to prepare for the inevitable squalls ahead.”