Ransom demands have grown substantially over the past year, smaller companies are increasingly targeted, and cyber criminals continue to take advantage of dislocations in how we work, according to a Coalition report.
From the first half of 2020 to 2021, the average ransom demand made to Coalition policyholders increased nearly threefold, from $450,000 to $1.2 million per claim. Several aggressive new ransomware variants also emerged, including Mount Locker, HelloKitty, and Conti.
While the average ransom demand steadily increased, the average payout made for ransomware claims decreased slightly from the first half of 2020 to the first half of 2021, reflecting Coalition's efforts to help policyholders negotiate ransoms and recover data backups.
While ransomware has become more widespread and severe in the past year, many organizations continue to be targeted by less sophisticated attack techniques that exploit the new patterns of remote work. Nearly 50% of attacks against Coalition’s policyholders were initiated by phishing and social engineering.
Funds transfer fraud (FTF) and BEC attacks increasing
From the first half of 2020 to 2021, funds transfer fraud (FTF) attacks increased 28% and business email compromise (BEC) attacks increased 51%. In that time period, the average funds stolen in an FTF attack increased from $116,842 to $326,264 — a 179% increase.
These attacks are also increasingly targeting small and micro businesses. In 2021, there was a 57% increase in the frequency of attacks against organizations with under 250 employees. The increased automation of cyber attacks, as well as the more widespread use of insecure remote access tools during the pandemic, has left these organizations exposed and created new opportunities for cyber criminals.
“It’s clear that ransomware and other cyber crimes have escalated considerably in the past year. Bad actors are targeting everything from critical infrastructure to the corner store,” said Joshua Motta, CEO at Coalition.
“We believe that when organizations understand their risk profile and take proactive steps to reduce their risk, they can safely embrace new technology and remain resilient to cyber attacks.”