The development of cyber insurance awareness has witnessed a significant boom in recent years, driven by the increasing frequency and sophistication of cyber threats.

Take last week’s TikTok hack, in which attackers exploited a vulnerability in the platform’s direct messaging feature to hijack several high-profile accounts.

As content creators and businesses across all sectors become more reliant on digital operations, the risks associated with data breaches, ransomware attacks, and other cyber incidents have increased dramatically.

Kirsten Michelson (pictured above), head of Gallagher Bassett’s Cyber ​​Practice Group, spoke with Insurance Business about the evolving landscape of ransomware attacks.

From targeted attacks to mass exploitation

“Anyone who uses a computer faces cyber risks,” Mickelson said.

“Years ago, threat actors were more targeted. They focused on financial, educational, and government institutions because they were more profitable and had deeper pockets.

However, modern threat actors play a numbers game, targeting any nearby low-hanging fruit they can find.

Just as TikTok’s security flaw allowed hackers to easily infiltrate the platform, organizations without adequate cyber protection are similarly vulnerable, exposing themselves to a constantly evolving threat landscape.

Ransomware as a Service: A New Business Model

As ransomware attacks become increasingly advanced, hackers have shifted their negotiation style, turning hacking into real business.

In the past, victims were often redirected to a dark web portal to communicate with threat actors. This interaction often requires the use of a translated application, which can make it difficult to discern the hacker’s true tone. Were they angry or were they receptive to negotiations?

Today’s operations have become more complex. Now, when they click on a faulty link, victims are redirected to customer service-like chatbots, similar to those found on retail websites.

“There may also be an icon with a friendly face, which makes it seem a bit more personal. Once you decide to pay, you’ll get a decryption tool to recover your data. But if it doesn’t work or is corrupt, someone on the other end will “Guiding you through the process.”

Complexities of crime episodes

As hacking operations become more advanced, it is becoming more difficult for organizations to determine whether paying the ransom will get their data back.

“There was more honor among thieves,” Mickelson said. “If a group doesn’t honor its commitment to return stolen data, no one will pay, because everyone will know that this group is known to take your money and run.”

Change Healthcare, a major healthcare company in the US, recently paid $22 million to the BlackCat Ransomware group amid a cyberattack that disrupted prescription drug services across the country.

However, the criminal who allegedly facilitated access to Change’s network claims that BlackCat tricked them out of their share of the ransom and still possesses the sensitive data that Change paid to destroy.

“With ransomware as a service, affiliates of the main group have less control, which can be an issue,” Mickelson said.

Victims should understand that they typically have limited insight into how hackers are organized internally. Even after the ransom is paid, the risk of data leakage often remains.

Proactive cyber measures

The lack of transparency surrounding hacking groups highlights the need for organizations to implement strict cyber measures from the beginning.

While purchasing cyber insurance is still in its infancy; Intermediaries are increasingly educating organizations about their importance.

“The cyber market is worth billions of dollars, and more and more companies will need this coverage. Cyber ​​risks are business risks,” Mickelson said.