64% Jump in Ransomware Claims on Remote Access Tools, Report Shows

A 64% jump in ransomware claims in 2023 is driven by an explosion in “indirect” ransomware incidents, up over 415% in 2023, with remote access tools accounting for 58% of attacks.

The year-over-year increases were seen among mid-market and emerging businesses, according to At-Bay’s 2024 InsurSec Report.

Attackers continue to exploit remote access technologies, making perimeter access tools an increasingly weak link in the chain, according to the report. Cybercriminals shifted their focus in 2023 from remote desktop protocol (RDP) to targeting self-managed virtual private networks (VPNs) — those implemented on-premises and maintained in-house — which accounted for a whopping 63% of the year’s ransomware events where remote access was the initial entry vector.

However, while frequency rose, the severity of ransomware attacks dropped by 24% year-over-year in 2023, with the average attack costing $370,000. This decrease is likely driven by more businesses successfully restoring from backups after an attack. At-Bay’s claims and cybercrime data showed that companies who failed to restore their data from backups were three times more likely to pay a ransom than those who couldn’t. Business interruption costs were also lower.

The average ransom demand by attackers exceeded $1.26 million in 2023, though the average amount paid came in at $282,000, 77% lower than the initial demand on average. A ransom payment was avoided in more than half (54%) of the incidents. Law firms, finance and manufacturing saw the highest severities.

Double leverage attack – using both data encryption and exfiltration – was used in 51% of incidents and was also the most costly for businesses. Encryption and exfiltration events saw the highest median ransom paid ($195,000) over encryption-only incidents ($66,000) or exfiltration-only incidents ($110,000).

Organizations using Cisco and Citrix self-managed VPNs were 11 times more likely to fall victim to a direct ransomware attack than those using a cloud-managed VPN or no VPN.

Who’s behind the crime? LockBit and BlackCat were used in 35% of ransomware attacks in 2023. Of 41 unique ransomware strains used in attacks, LockBit and BlackCat/ALPHV overshadowed all others.