A new report from insurtech Resilience, Resilience Midyear 2023 Claims Report, reveals a significant shift in ransomware tactics. Cybercriminals are increasingly targeting larger organizations and employing encryption-less extortion methods.
Key Highlights:
- Cybercriminals Resume “Big-Game Hunting”: Attackers are focusing on bigger targets, seeking larger ransom payments from organizations with sensitive data.
- Vendor Cyber Risk Surges: Vendor cyber incidents now account for 28.9% of Resilience clients’ claims, surpassing phishing at 23.1%.
- Encryption-Less Extortion Gains Ground: Threat actors are escalating their tactics by threatening to publish sensitive data if ransom demands are not met.
The report attributes the trend in encryption-less extortion to the massive MOVEit file transfer platform hack in May 2023, which exposed the data of over 60 million individuals and 1,000 organizations.
Resilience’s CEO, Vishaal “V8” Hariprasad, emphasizes the importance of robust cybersecurity measures and a holistic risk management approach. “Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Hariprasad.
Also of note, with NY State’s proposal for cybersecurity regulations for hospitals in mind, ” healthcare-related companies make up the most significant proportion of Resilience claims notices at 20.4% as of Q1 2023.” The report notes a “surge” of attacks against the healthcare industry.
To access the full Resilience Midyear Claims Report, visit Cyber Resilience.