Most industries seeing relief from ransomware, but insurance isn't one

Smaller insurers became a favorite target for the LockBit ransomware gang during Q1 2022.

“For insurance companies specifically, we saw a 13% increase in ransomware attacks in Q1,” says Crane Hassold, Abnormal Security’s director of threat intelligence. (Credit: FBI cyber division)

The first quarter of 2022 closed with businesses seeing a 25% decline in the total number of ransomware attacks compared with the prior quarter, according to Abnormal Security Corp. However, the finical service industry, including insurance, saw no such relief as the total sector saw attacks grow 35% quarter-on-quarter and 75% year-on-year.

Insurers saw a 13% increase in ransomware attacks during the first quarter, according to Crane Hassold, Abnormal Security’s director of threat intelligence,” who tells PropertyCasualty360.com that the financial service industry was the only sector that saw a net increase in overall ransomware attacks in Q1 2022.

While insurers saw an uptick in attacks, accounting for 10% of ransomware incidents during the period, manufacturers continued to be the most targeted by ransomware, drawing 25% of attacks, according to Abnormal Security.

The retail and wholesale trade saw the biggest drop in ransomware attacks during the period, declining 52% compared with the prior quarter.

LockBit loves insurers

Abnormal Security reported that LockBit, an affiliate-based ransomware-as-a-service (RaaS), has increased its focus on the financial service industry in general, and smaller accounting and insurance firms specifically. Hassold explains this is because smaller companies typically lack the capital to robustly invest in cybersecurity, making them easier to exploit and more attractive targets for cybercriminals.

“Smaller organizations are also attractive targets for other types of attacks such as financial supply chain compromise, where small companies are exploited first with the goal of attacking large customers,” he says, adding: “Most of today’s ransomware attacks are delivered indirectly through compromising an organization’s network with malware.”

Coveware, Inc., a ransomware remediation firm, reported that phishing is the most common attack vector targeted by LockBit, followed by software/hardware vulnerabilities and remote desktop protocol, respectively.

“Once an organization’s network is compromised, the threat actors will leverage initial access to remotely deploy ransomware,” Abnormal Security’s Hassold said. “The most important step organizations can take in protecting against ransomware today is ensuring that this initial compromise doesn’t happen.”

Earlier this year, the FBI cyber division released a flash bulletin regarding LockBit 2.0, an update to the RaaS, which noted these attacks are difficult to defend against because of the wide variety of tactics, techniques and procedures they employ. However, the bureau did offer some tips to mitigate against risks from LockBit 2.0:

Related: