Despite a 60% increase in ransomware in early 2023, the Corvus Risk Insights Index has found that fewer organizations are paying ransoms and that proper security controls are an effective deterrent.
The fourth Corvus Risk Insights Index™ is a compilation of industry trends and data analysis based on the company’s claims data, threat intelligence research, and proprietary scanning technology, the Corvus Scan.
In the early months of 2023, there was a sudden global explosion in the frequency of ransomware attacks with 452 new victims’ data appearing on dark web leak sites in March — a 60 percent increase year-on-year according to Corvus’s analysis of dark web sources. Despite the rise in observed activity, the rate of claims at Corvus has continued to trend downward this year.
“Following a year of decline in 2022, the early months of 2023 have brought a sudden explosion of ransomware attacks globally. This time, though, fewer organizations are caught off guard,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “More of them have cyber insurance, for one thing — along with enhanced security controls required by insurers since ransomware’s previous peaks. More organizations are able to face down attackers. Left unchecked, ransomware will continue to flourish. Corvus policyholders have not seen the same increase in ransomware activity, which we attribute to better security controls and proactive risk management.”
In this latest edition of the Corvus Risk Insights Index™, Corvus’s experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what’s to come in the remainder of 2023.
Ransomware Claims, Costs, and Severity
Corvus routinely monitors its book of business for trends and, through its threat intel team, compares them with global ransomware trends, allowing for a broader look across the industry.
Notable Ransomware Findings:
- 2022 was a year of decline. Corvus observed a 52% reduction in ransomware claims over the full year, and a 62% decline from Q1 2021 to Q4 2022. Corvus also observed a 45% reduction in the total number of victims whose information was posted on the dark web.
- Attacks against U.S. companies were far less frequent in 2022, compared to other countries. While the U.S. saw 45% fewer victims posted on the dark web, Corvus discovered a nearly 20% increase in ransomware across all other countries in 2022 versus 2021.
- Ransomware attacks began to spike again in March 2023. Outside the Corvus book of business, 452 victims appeared on leak sites in the U.S., a 60% increase over the previous year. Meanwhile, claims on the Corvus book of business continued to decline.
- The number of claimed extortion victims industry-wide in March 2023 stands at 349, according to dark web leak sources. This is a 31% increase over February 2023 and a 23% increase year-over-year. March remains one of the highest months on record.
Impact on Policyholders:
While ransomware attacks in the U.S. fell significantly in 2022, and the rate of payment of ransomware demands also fell, the average dollar amount paid in ransom rose to the highest levels ever seen across a full year, a 63% increase over 2021.
- Ransom payments have dipped for Corvus policyholders. In 2022, the percentage of Corvus policyholders who paid when confronted with a ransom dipped below 30% for the first time, a 16% improvement over the prior year and well below the estimated 41% who pay in the broader market.
- The smallest businesses bear the brunt of attacks as a percentage of revenue. A business with $50 million in revenue pays 4.5x more as a percentage of revenue for the average cyber claim than a business with $250 million in revenue.
“Pockets of Air” in Targeted Industries
Corvus has honed its ability to find “pockets of air” in industries often targeted by ransomware attacks. Healthcare is one industry that has been hit hard in the recent 2023 rise. Corvus data shows a 750% increase from February to March in attacks on healthcare-related organizations. Yet, despite the dramatic increases, healthcare organizations are 25% less likely to pay ransoms than average, and within Corvus’s book of business, healthcare has seen no change in attack frequency to date.
Other notable industry-specific shifts in dark web data from February to March 2023 include:
- Telecommunications saw an 800% increase in attacks.
- Government saw a 220% increase in attacks.
“The pockets of air in industries like healthcare show the power of data combined with the right security insights,” said Rebholz. “Just because ransomware is rising, or your industry happens to be targeted, doesn't mean you can't manage your risk. With the collective experience of thousands of attacks on different types of organizations, the lessons — and the best actions to take — are thankfully clearer than ever.”