Cyber Update

by Mike Nolan, Technical Consultant

May 8, 2024

The number of ransomware victims in 2023 surpassed the totals for 2021 and 2022 and, according to a report issued by cyber policy underwriter Corvus Insurance, global ransomware attacks increased 95% from 2022. According to the Sophos State of Ransomware 2023 report, the average ransom payment was $1.54 million. The Cybersecurity and Infrastructure Security Agency (CISA) released the following actions to take against the threat of ransomware:

  1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
  2. Prioritize remediation of known exploited vulnerabilities.
  3. Enable and enforce multifactor authentication with strong passwords.
  4. Close unused ports and remove applications not deemed necessary for day-to-day operations.

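The first two CISA actions above (inventory your assets, then prioritize known exploited vulnerabilities) are easiest to operationalize together: cross-reference what is actually installed against CISA's Known Exploited Vulnerabilities (KEV) catalog and work the list by due date. The following Python is an added example, not code from the article or from CISA. It uses the field names of the public KEV JSON feed (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse), but the catalog excerpt, the inventory layout, the host names and every CVE identifier in it are constructed placeholders.

```python
"""Cross-reference an asset inventory against a KEV-style catalog to produce
a remediation priority list (CISA steps 1 and 2).

Added example, not from the original article. KEV field names follow the
public KEV JSON feed; all CVE ids, products and hosts below are CONSTRUCTED
placeholders, not real vulnerabilities or real assets.
"""
from datetime import date

# Date of the article, used as "today" so the report is reproducible.
REPORT_DATE = date(2024, 5, 8)

# Constructed KEV-style catalog excerpt (placeholder CVE ids, not real entries).
KEV_CATALOG = {
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
         "product": "ExampleVPN", "dueDate": "2024-05-01",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
         "product": "ExampleMail", "dueDate": "2024-06-15",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor",
         "product": "OtherDB", "dueDate": "2024-05-20",
         "knownRansomwareCampaignUse": "Known"},
    ]
}

# Constructed inventory, shaped like a scanner or CMDB export. "authorized"
# is whether the device appears on the organization's approved-asset list.
INVENTORY = [
    {"host": "vpn-edge-01", "authorized": True,
     "software": [("ExampleVendor", "ExampleVPN")],
     "cves": ["CVE-0000-0001"]},
    {"host": "mail-01", "authorized": True,
     "software": [("ExampleVendor", "ExampleMail")],
     "cves": ["CVE-0000-0002"]},
    {"host": "unknown-laptop-7", "authorized": False,
     "software": [("OtherVendor", "OtherDB")],
     "cves": ["CVE-0000-0003", "CVE-0000-9999"]},
]


def index_kev(catalog):
    """Map cveID -> KEV entry so each lookup is O(1)."""
    return {v["cveID"]: v for v in catalog["vulnerabilities"]}


def unauthorized_assets(inventory):
    """Step 1: surface devices that are not on the authorized list."""
    return [a["host"] for a in inventory if not a["authorized"]]


def prioritize(inventory, catalog, today):
    """Step 2: rank every (host, CVE) pair that appears in the KEV catalog.

    Sort order: earliest KEV due date first (overdue items naturally rise to
    the top), then entries with known ransomware use, then host name.
    CVEs that are not in KEV are skipped here; they still need patching, but
    CISA's guidance is to clear the known-exploited set first.
    """
    kev = index_kev(catalog)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due,
                "overdue": due < today,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    findings.sort(key=lambda f: (f["due"], not f["ransomware"], f["host"]))
    return findings


if __name__ == "__main__":
    print("Unauthorized devices:", unauthorized_assets(INVENTORY))
    for f in prioritize(INVENTORY, KEV_CATALOG, REPORT_DATE):
        flag = "OVERDUE" if f["overdue"] else "due " + f["due"].isoformat()
        rw = " [ransomware]" if f["ransomware"] else ""
        print(f'{f["host"]:18} {f["cve"]:14} {f["product"]:28} {flag}{rw}')
```

Run against a real KEV download, the only change needed is to load the catalog JSON into `KEV_CATALOG` and feed in your scanner export; the unauthorized-device check is what turns a vulnerability list into an inventory problem, since an unapproved host carrying a KEV entry is both a step-1 and a step-2 finding.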
In addition, the Securities and Exchange Commission (SEC) has set new rules requiring registrants (i.e., publicly traded companies and foreign private investors) to disclose cybersecurity incidents within four days, report ransomware payments within 24 hours, and submit annual cyber risk management, strategy, and governance reports. These rules went into effect on 12/18/2023, and they apply in addition to the Cyber Incident Reporting for Critical Infrastructure Act of 2022, under which covered entities must report cyber incidents to CISA within 72 hours and ransom payments within 24 hours.

There was also some good news on the law enforcement front. The Department of Justice announced a disruption of the ALPHV / Blackcat ransomware group's infrastructure. Over the past 18 months, ALPHV / Blackcat had emerged as the second most prolific ransomware-as-a-service operation in the world, with more than 1,000 victims worldwide. The FBI, working with law enforcement agencies around the world, seized many of the websites the group operated. In addition, the FBI offered a decryption tool to over 500 victims of the ALPHV / Blackcat ransomware variant and is seeking other victims to come forward. The guidance asks victims to contact their local FBI field office for help decrypting files that were encrypted by ALPHV / Blackcat.

In addition, Cisco Talos released a decryptor for the Tortilla variant of the Babuk ransomware, allowing businesses targeted by the ransomware to recover their files. Babuk emerged in 2021 with wide-ranging attacks on critical infrastructure organizations. Later that same year the Babuk source code was released and a decryption tool was created; however, threat actors also used the released source code to create new strains of Babuk ransomware such as Tortilla. Cisco Talos researchers obtained an executable capable of decrypting files impacted by Tortilla, extracted the private decryption key, and shared it with Avast for inclusion in the Avast Babuk Decryptor released in 2021, allowing many users to recover files encrypted by different variants of Babuk.

Loss Solutions Group’s team of experts continuously monitors trends and engages with other professionals in the cyber security industry to provide carriers and their customers with the expert knowledge and assistance they require.

Please contact Mike Nolan, LSG Technical Consultant, with questions or to discuss claims involving information technology at 866.899.8756 ext.735 or mnolan@losssolutionsgroup.com.