Hacking: Front Page News and Changes to the Political Landscape
by Jon Pullin, Technical Consultant
October 20, 2021
There has been a great deal of media coverage regarding hacks, ransom software (ransomware) attacks, and stolen data that was subsequently released to the public. Twitch, an Amazon-owned streaming site, had not only personal information of its top streamers released, but also the source code of the platform itself and personally identifiable information (PII) of its employees. Epik, an internet services provider, was hacked and the PII of those who had used the site to create or host websites was also released. While these were the results of so-called hacktivists (hacker activists), additional significant events have occurred this year.
On May 7, 2021, Colonial Pipeline, a major oil pipeline that supplies most of the eastern seaboard with fuel, was the reported victim of a ransomware attack which halted operations until May 12, 2021. The Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open.
On July 2, 2021, the REvil cyber-criminal group reportedly exploited a security vulnerability of Kaseya’s Virtual System Administrator (VSA) remote monitoring and management (RMM) software package, which “pushed” a software update to managed service providers (MSPs) that contained the Sodinokibi ransomware code. Kaseya stated on July 5, 2021, that between 800 and 1,500 ‘downstream’ businesses were impacted by the attack. The collateral damages were more extensive as several of these businesses had multiple cyber footprints. For example, Coop, a Swedish supermarket chain, closed 800 grocery stores for nearly a week.
While these attacks carry familiar tones to what many carriers have already been exposed to in the past few years, the difference in these recent attacks stems from the U.S. government’s reaction. Many businesses were in the process of negotiating ransom demands with the REvil group when, on July 13, 2021, the cybercriminals’ online presence went dark and all contact with the criminal group ceased. It was reported that President Biden communicated directly with Russian President Vladimir Putin prior to the REvil group’s disappearance. The result: many victims were unable to restore their data.
On September 21, 2021, the White House revealed that sanctions were initiated against a cryptocurrency exchange over its alleged role in facilitating illegal payments for ransomware attacks. While there are many cryptocurrency exchanges, several additional statements and policies put in place this year have set a distinct tone: victims of ransomware or exfiltrated (leaked) data may have greater challenges in the restoration of their business-critical files when no alternative to payment of ransom demands is available to decrypt affected files.
The U.S. Treasury’s Financial Crimes Enforcement Network recently released a report which indicates that the total suspected amount of ransomware payments made during the first half of 2021 was $590 million, up 30% from the previous year, and that approximately $5.2 billion in outgoing bitcoin payments were tied to the top ten ransomware variants over the past three years. As such, we anticipate a continuing upward trend in the number of ransomware attacks, the scope and scale of these attacks, and the ransom payments levied in order to return affected victims to a pre-loss condition.
Loss Solutions Group’s team of experts continuously monitors trends and engages with other professionals in the cyber security industry in order to provide carriers with the expert knowledge and assistance they require.
Please contact Jon Pullin, LSG Technical Consultant, with questions or to discuss claims involving Information Technology at 866.899.8756 ext. 727 or firstname.lastname@example.org.