How to Sign In
Cengage Technology & Computing Blog
Showing results for 
Show  only  | Search instead for 
Did you mean: 
What's Fueling the Growth of Ransomware?

[Reading time - 2 minutes 33 seconds]


Did you know that ransomware has been around for 30 years? The first known ransomware attack was initiated in 1989 by an AIDS researcher who carried out his attack by distributing 20,000 floppy disks to AIDS researchers in over 90 countries. The researcher claimed that the disks contained a program with a questionnaire that analyzed an individual’s risk of acquiring AIDS. However, the disk also contained ransomware that initially remained dormant and was only activating after a computer had been turned on 90 times. At the 91 startup the ransomware displayed a message demanding a payment of $189 plus another $378 for a software lease. This ransomware attack became known as the AIDS Trojan, or the PC Cyborg.


Today ransomware attacks are running rampant. There were an estimated 184 million ransomware attacks just in 2018 alone. This year (2019) government agencies have been the prime target of attackers: almost 100 ransomware attacks that have affected state and local governments, including school districts and higher education institutions, have been reported so far this year. That's compared to only 51 reported attacks in 2018. In August 2019 alone 22 Texas municipalities were hit with ransomware. Yet that's really nothing new: almost 250 government agencies have been ransomware victims over the past few years. This interesting interactive map show those government agency victims.


What's the fueling this rapid growth of ransomware?


The answer may surprise you: it's cyber insurance agencies.


That's according to some interesting research by Renee Dudley of Pro Publica (Renee also has additional research explaining why so many government agencies are vulnerable.


Cyber insurance started twenty years ago by Lloyd's of London and today is an $8 billion industry. About 80 percent of Lloyd's cyber insurance is written for U.S. entities.


How can the blame be placed on cyber insurance agencies for the rapid growth of ransomware?


It's because government agencies and businesses need to get back to normal as quickly as possible. Every minute they are locked out of their computers because of ransomware they are losing money. Thus, according to the cyber insurers, it makes more financial sense to pay the ransom and get the key to unlock encrypted files so everything can get back to normal quickly.


But that's a big advantage to the cyber insurance agencies, too.


By paying the ransom these cyber insurance agencies hold down insurance claim costs by avoiding paying for lost revenue due to ransomware. It also holds down costs associated with external fees for security consultants to aid in the data recovery. And by rewarding attackers by paying the ransom, it may encourage more ransomware attacks, which in turn frighten more businesses and government agencies into buying cyber insurance policies.


In fact, there are several instances on record when the IT department in a business or government agency was working to restore data from backups due to a ransomware attack when they were told "Never mind" because the organization had decided to pay the ransom. And this was often at the urging of their cybersecurity insurer.


Also, some studies have shown that as cyber insurance companies have approved ransom payments in the hundreds of thousands--and even millions of dollars--over the past year, this has caused the attackers to ask for higher and higher ransoms.


Cyber insurance is a very lucrative business. The "loss ratio" is an industry standard for comparing premiums paid for insurance (what comes in) against insurance claims (what goes out). For all property and casualty insurance that loss ratio is about 62 percent (for every dollar of premiums about 62 cents are paid out in claims). However, for cyber insurance it's only 35 percent, meaning that the cyber insurance agencies pay 35 cents in claims for each dollar of premiums.


In the words of the chief technology officer for a well-known antivirus company, "Cyber insurance is what's keeping ransomware alive today."