Filed Under:Markets, E&S/Specialty

Cyberattacks involving extortion are on the up, Verizon says

Criminals have increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses. (Photo: iStock)
Criminals have increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses. (Photo: iStock)

(Bloomberg) -- Cyberattacks involving ransomware — in which criminals use malicious software to encrypt a users’ data and then extort money to unencrypt it — increased 50 percent in 2016, according to a report from Verizon Communications Inc.

And criminals increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses, the report said. Government organizations were the most frequent target of these ransomware attacks, followed by health-care businesses and financial services, according to data from security company McAfee Inc., which partnered with Verizon on the report published Thursday.

Instances of ransomware attacks have grown along with the market for bitcoin, the digital currency that is most commonly how cybercriminals demand ransoms be paid because of its anonymity.

Malware raids with phishing email

While overall most malware was delivered through infected websites, increasingly criminals were turning to phishing — using fraudulent emails designed to get a user to download attachments or click on links to websites that are infected with malware — to carry out attacks. A fifth of all malware raids began with a phishing email in 2016, while fewer than 1 in 10 did the year before, according to the report.

"These emails are often targeted at specific job functions, such as HR and accounting — whose employees are most likely to open attachments or click on links — or even specific individuals," the report said.

Verizon is currently in the process of acquiring Yahoo! Inc.’s internet properties at a $350 million discount after revelations of security breaches at the web company. Yahoo said in December that thieves in 2013 stole information from 500 million customer accounts, from email addresses to scrambled account passwords. Such a data cache may allow criminals to go after more sensitive personal information elsewhere online.

Criminal gangs

Whereas in the past most ransomware simply encrypted the data on the device where it was first opened, Marc Spitler, a Verizon security researcher, said criminal gangs were increasingly using more sophisticated hacking techniques, seeking out business critical systems and encrypting entire data servers. "There is increased sophisticated surveillance and targeting of organizations to maximize profit," he said in an interview.

Criminal gangs were behind the majority of all cybersecurity breaches, Verizon said, with financial services firms the most common victims, accounting for about a quarter of all attacks.

Espionage also on the rise

But espionage — whether that was by foreign governments or unknown entities — was on the rise, Verizon said, accounting for 21 percent of all breaches in 2016 up from less than 10 percent in 2010. Besides governments, manufacturing firms were the most likely to be targeted in espionage-motivated attacks, the report said. There has also been a surge in espionage-related breaches targeting universities and other educational institutions, spiking from almost none in 2012 to more than 20 percent last year, it said.

Related: 3 wise cybersecurity solutions for 2017

The Verizon report, which is published annually, draws on the company’s own data from breaches its security consultants have responded to and data contributed by 65 partner organizations, including the U.S. Secret Service. NTT Security, a unit of Japan’s Nippon Telegraph and Telephone Corp., released a report earlier this week that showed results similar to Verizon’s findings.

Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.


No business is totally safe from cyber attacks

Hackers are not the only threat. Many data breaches involve the download of malicious codes and viruses. Here are two...

Featured Video

Most Recent Videos

Video Library ››

Top Story

Winners announced for NU’s Agency of the Year Award

The winners of NU’s 2017 Agency of the Year Award have been selected, and will be featured in profile stories in our October print edition and right here on

Top Story

Do you qualify for NU’s Excellence in Cyber Security Risk Management Award?

Gain your cybersecurity risk management program the recognition it deserves. Nominate your program for the NU Excellence in Cyber Security Risk Management Award today!

More Resources


eNewsletter Sign Up

Specialty Markets Insight eNewsletter

Receive updates and analyses on hard to place and challenging coverages. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.