What the Kidnapping and Ransom Economy Teaches Us About Ransomware

OWASP Foundation via YouTube

Overview

Explore the parallels between ransomware and real-world kidnapping in this 47-minute conference talk from AppSec EU 2017. Delve into the economic dynamics of both industries, examining how cyber-criminals profit from selling data back to victims. Learn about the future trajectory of ransomware and discover effective strategies to combat this growing threat. Gain insights into topics such as high-seas piracy prevention, kidnapping and ransom insurance, and the advantages ransomware has over traditional kidnapping. Understand the professionalization of ransomware campaigns, the emergence of specialized negotiators, and the role of cyber-insurance. Acquire practical advice on protecting against ransomware, including proper backup procedures, system recovery techniques, and the importance of following cyber-insurer guidance.

Syllabus

Intro
Jeremiah Grossman, Chief of Security Strategy: What the Kidnapping & Ransom Economy Teaches Us About Ransomware
High-seas piracy prevention: armed private security guards on board ships; shippers harden vessels or take evasive action; a change in Somalia at national and local level; pre-emptive action by combined navies in the region; Britney Spears
Kidnapping & ransom insurance
All kidnapping insurance is either written or reinsured at Lloyd's of London. Within the Lloyd's market, there are about 20 firms (or "syndicates") competing for business. They all conduct resolutions according to clear rules. The Lloyd's Corp. can exclude any syndicate that deviates from the established protocol and imposes costs on others. Outsiders do not have the necessary information to price kidnapping insurance correctly.
Ransomware requires far less upfront costs and logistics; ransomware is less risky for adversaries (attribution); ransomware hostage (the data) is not a witness; ransomware scales; ransomware negotiation process is way faster; ransomware is easier to pay logistically (Bitcoin vs cash)
Ransomware campaigns increasingly professionalized and funded; emergence of professional ransomware negotiators; cyber-insurers require clients to keep ransomware policies secret; adversaries will increasingly target backup systems
Backups! Test your backups! (DO NOT destroy encrypted data); fast system recovery via virtualization; patch, disable MS Office macros, etc.; law enforcement investigate and arrest ransomware groups; formation of insurance "syndicates" for ransomware pricing (i.e. Lloyd's of London); listen to your cyber-insurer (security guidance)

Taught by

OWASP Foundation
