TZUTC: -0500   
   MSGID: 1032.consprcy@1:2320/105 2c66b81b   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Ransomware operators are demanding more if they detect cyber-insurance   
      
   Date:   
   Wed, 16 Apr 2025 15:02:00 +0000   
      
   Description:   
   Hackers are actively looking for potentially high-paying victims with   
   cyber-insurance.   
      
   FULL STORY   
      
   Ransomware operators will demand significantly more money if they discover   
   that the company they targeted has cyber-insurance, new research has found.    
      
   The discovery was made by a Dutch police officer Tom Meurs while working on   
   his PhD thesis, which saw him analyze 453 ransomware attacks between 2019 and   
   2021, discovering one of the first things threat actors do, after gaining   
   access to the target environment, is search for documents of a    
   cyber-insurance policy.    
      
   If they find it, the ransom demand spikes. Generally, it increases by a    
   factor of 2.8x, but if they also manage to steal sensitive data in the   
   process, the ransom demand is increased 5.5 times.    
      
   This discovery is in line with what cybersecurity researchers have seen in    
   the past - ransomware operators trying to talk organizations into paying the   
   ransom demand, arguing that since they have insurance, they essentially have   
   nothing to lose.    
      
   Law enforcement is generally against paying the demand, saying that it fuels   
   more cybercrime.    
      
   The researcher further determined that companies with insurance pay the    
   ransom demand 44% of the time. Those that arent insured paid 24% of the time.   
   Those with insurance pay, on average, around $800,000 while those without -   
   $150,000.    
      
   "I often read in chat messages that cybercriminals send to each other, or on   
   illegal marketplaces where login details are sold, that they are specifically   
   looking for companies from sectors that pay a lot," Meurs said.    
      
   "My research shows that the ICT sector in particular pays high amounts.   
   Companies from this sector often supply the ICT for many other companies,   
   which means that multiple companies are victims of a single attack. This may   
   be why the willingness to pay is higher."    
      
   The best thing to do, to mitigate the risk, is have a strong backup solution   
   set up, Meurs concluded. Those with a backup are 27 times less likely to pay   
   the ransom demand, he found in the research.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/ransomware-operators-are-demanding-more   
   -if-they-detect-cyber-insurance   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426