The world’s first $100m ransomware demand will be made within the next two years, CyberCube predicts in a new report exposing the formation of cybercriminal cartels targeting corporates and other organisations.
CyberCube says cybercriminal cartels “change the rules” for ransomware attacks, using double-extortion to both encrypt data and copy information to increase leverage and ransom demands.
Darren Thomson, CyberCube’s head of cybersecurity strategy, said: “What we’re seeing now is the rise of cyber cartels – loose affiliations of criminal hackers intent on gaining the maximum amount of money possible. They’re doing this by introducing new tactics into their attacks. This keeps them ahead of advances in security and allows them to extort money not once but twice.”
CyberCube says cartels will account for the majority of losses in the cyber insurance market this year.
“Ransomware is now right at the top of the agenda for cyber insurers, reinsurers and brokers. This is because cybercriminals are continuing to adjust and improve their ransomware approaches in response to increasingly sophisticated cyber defence – and to reap as much reward as possible,” Mr Thomson said.
Cybercriminals are targeting the largest companies, aiming attacks directly at Fortune 500 companies to harvest the biggest rewards, according to CyberCube’s report. Companies are increasingly finding themselves victims of double-extortion, paying once to free data from encryption and then again to prevent publication of data stored by hackers.
“Insurers whose client base is made up of large enterprises should be aware that criminals are going to great lengths to understand the corporate structures of large enterprises through the reconnaissance phases of the ransomware attacks,” CyberCube said.
The average ransom demand in a cyberattack has risen from between $500 and $1,000 in 2017 to tens of millions of dollars today, the report says. The Microsoft Exchange attack earlier this year is reported to have generated a ransomware demand of $50m against computer manufacturer Acer.
But CyberCube warns that ransom is only one part of the cost of dealing with a cyberattack.
CyberCube also flags a new trend where criminals threaten to modify stolen data. “These attacks are likely to become increasingly prevalent in the next few years and will focus on sectors utilising sensitive data such as healthcare and financial services,” it says.
Other emerging ransomware-related threats include the development of ransomware worms, where malware spreads without human interaction, and a growing focus on single points of failure, such as the recent attack on Microsoft Exchange.