Insurance companies are paying hackers to cause ransomware attacks and sell more policies

Ransomware attacks are increasing exponentially around the world. Although this has multiple causes and explanations, information security services specialists agree that one of the practices that has contributed the most to this increase is the decision of insurance companies to offer policies covering ransomware attacks and other information security incidents. Some go even further, raising the possibility that hackers are acting in collusion with insurance companies so that the insurers can keep selling more policies.

A recent investigation into companies that offer cybersecurity incident insurance policies has revealed that hundreds of these companies choose to bear the costs of ransomware incidents; some do not hesitate to spend tens or even hundreds of thousands of dollars to retrieve their information. “The costs of such an incident can increase to several million dollars, so it is normal for companies to decide to pay a lower expense if possible,” the investigation says.

An example is the city of Baltimore. According to information security services specialists at the International Institute of Cyber Security (IICS), after a serious ransomware attack, the city government refused to pay a million-dollar ransom in Bitcoin. However, the incident recovery costs have already exceeded $6M USD; the city government has even diverted funds earmarked for maintaining public spaces to this recovery process.

According to the information security services experts, the highlight of this investigation is the fact that insurers benefit from ransomware attacks when victims decide to negotiate with hackers. In many cases, restoring from backups or attempting to remove the encryption with known tools is not even considered as an option.

After an organization suffers a ransomware attack, it is possible for it to regain access to its information on its own, by trying available decryption keys or restoring from backups. However, this is a long and costly process that requires curtailing some of the affected organization’s operations, so victims often pay instead. In the end, paying benefits the hackers, who receive the ransom they demanded, and the insurance companies, which can continue to sell protection policies against ransomware.

“File recovery usually requires investing considerable financial and intellectual resources. All IT employees in a company must participate, sometimes in collaboration with external information security services teams, which is highly wearing for a company, not to mention public relations issues, data protection law breaches, among other problems,” the investigation says.

Recovery costs are not the only drawback. A report recently released by the FBI mentions that, despite paying the ransom and recovering the compromised information, victims of the ransomware infection may suffer the consequences of an attack long after it occurred. “Many times, even if the encryption is removed, there are multiple unidentified programs left on the infected systems, which may compromise the security of your information in other ways besides file encryption,” the report states.