author photo
By Bruce Sussman
Wed | Mar 13, 2019 | 7:21 AM PDT

Just a couple of days ago, we wrote about a county in Georgia that paid a $400,000 ransom to hackers because it believed buying the decryption keys was much cheaper than restoring its entire network.

And last year, the City of Valdez, Alaska, paid a ransomware demand after a proof of concept from hackers.


Now, we've come across something that suggests insurers are increasingly paying hackers after they hit a client's network. 

Why? It saves insurers money.

According to this interview with Threatpost Senior Editor Tara Seals, this is a growing trend as more companies acquire cyber insurance.

[Seals] Before we kick off our video interview here, you had mentioned that you’ve been seeing a trend of companies actually paying the ransomware when they get hit by an attack. So, I thought that could be a really interesting place to start our conversation if you wanted to tell me a little bit about what you’re seeing there.

[Josh Zelonis, Forrester] Yeah, absolutely.

So one of the trends that I’ve been hearing about more and more is that insurance companies are actually starting to pay the ransoms because it’s costing them less than going and doing the remediation, going back to backups, which may or may not even exist.

And so a lot of the time the incident response companies are being brought in to broker the transaction with the adversaries themselves in order to ensure that the payment is made and recovery is possible.

Now part of the problem, as you might imagine, is that this creates a market where it becomes more and more profitable to use ransomware as a method of attack against an organization.

Primarily the reason why this is such a challenge is that we’ve been seeing ransomware tapering off in the last number of years, and now that it seems that we’re starting to create a market, I expect that we’ll see that turnaround and start increasing again.

Ransomware becoming more targeted

Emergin Threats panel SWSEA18

The other trend we're hearing about, especially during panel discussions at SecureWorld conferences, is that even though the overall number of ransomware attacks were down in 2018, the attackers were taking more time and effort to target the best prospects.

And they were pricing ransomware in a way that correlated to the value of the data the hackers can lock up.

In the case of Jackson County, Georgia, the $400,000 ransom might have been priced based on all the county systems it took down, or it might have been priced knowing the county would look 60 miles down the road at Atlanta. 

Remediation costs there are some $15 million, and counting, after the city refused to pay a hacker's ransom last year.

Suddenly $400,000 looks like a good deal, regardless of whether the county or its insurer has to pick up the tab.