Ransomware and Social Engineering Attacks Grow

15 July 2019

Ransomware and social engineering attacks against C-level executives have increased in numbers and sophistication.

Ransomware attacks doubled in the first quarter of 2019, according to Lloyd’s of London insurer Beazley, which experienced a 105% increase in the number of ransomware attack notifications by its clients in the quarter compared with the same period a year ago.

Along with an increase in the frequency of attacks, cyber criminals are targeting larger organisations and demanding higher ransom payments. In the first quarter of 2019, the average ransomware demand reported to Beazley was 93% higher than the 2018 average (the average ransom in the first quarter was US$224,871).

According to incident response firm Coveware, the average price of ransoms in the first quarter of 2019 increased by 89% compared to the fourth quarter of 2018. As the average ransom demand goes up, it attracts attack groups interested in making money.

At the same time, the availability of exploit kits, such as banking trojans and ransomwareas- a-service (RaaS) platforms, lower the skill barrier required to facilitate these attacks.

Beazley says sophisticated attack groups associated with Ryuk and Bitpaymer ransomware variants are targeting larger organisations through phishing emails and by tricking users into deploying banking trojans. RaaS attacks, which tend to hit small businesses, also remain commonplace, according to Beazley.

A number of large industrial and manufacturing firms have been hit by ransomware attacks of late. Ransomware attacks disrupted production at a European aluminium manufacturer in March 2019 and at one of the world’s largest semiconductor manufacturers in August 2018. Local government and critical infrastructure have also been targeted – the city of Baltimore was disrupted by a ransomware attack in May, as was a US utility company in October 2018.

Beazley has also seen a substantial increase in incidents involving banking trojans, which are becoming more dangerous and disruptive and are difficult to remove once infected. Banking Trojans typically steal banking credentials from users of online banking websites, but new variants (such as Emotet and Trickbot) harvest other account credentials.

They also perform reconnaissance on email accounts and deploy other malware, most commonly ransomware.

Financially Motivated

Social engineering attacks against C-level executives and attacks against cloud-based email servers also increased last year, according to the 2019 Verizon Data Breach Investigations Report, which analyses over 41,000 security incidents.

C-level executives are 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach, according to the report. Cyber attacks against web-based email accounts using stolen credentials rose to 16% of all breaches this year, from just 3% last year.

Compromise of web-based email accounts using stolen credentials was seen in 60% of all attacks that involved hacking a web-based application.

Subscribe to our latest News & Insights Sign up to our latest  news & insights

The Verizon report provides some useful insights into the motivations and techniques driving cyber attacks.

For example, the majority of attacks are carried out by criminals seeking financial gain. The report found that 71% of security incidents were financially motivated, while 39% of data breaches involved organised criminal groups.

Attacks using ransomware and social engineering are relatively easy to carry out and offer an attractive payoff.

Verizon’s analysis also found that the majority of attacks use relatively simple and established techniques – 94% of malware is delivered through email, for example. The majority of breaches involved either phishing (32%), stolen credentials (29%), or ransomware (24%).

That said, Verizon found that nation states and state-sponsored hackers are playing a greater role in global security incidents. Nation states and state supported hackers were linked to 23% of incidents, while 25% of data breaches involved cyber espionage.

Another important finding of the Verizon report was the time taken to discover a data breach. Over half (56%) of data breaches took one month or longer to detect.



  • Sarah StephensSarah Stephens

    As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

    Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

    Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.

    For further information or to learn more about cyber insurance, contact Sarah Stephens, Head of Cyber, on +44 (0)20 8108 9541.

  • For more articles like this, download our Cyber Decoder

    Share this article