GB’s Gerard Ward, Head of Cyber Services and Peter Diskin, International Product Director recently presented to the London Market, research on ‘ Points of Failure in the Ransomware Electronic Business Model’.

Gerard’s research was recently completed in conjunction with Professor Brian Cusack of AUT, an Auckland based university. The findings highlighted the fast moving cyber landscape of ransomware which historically has increased 167 times year on year for the last three years.

The research purpose was to understand the trade in ransomware, and the efficiency/ effectiveness of the Dark Net marketplace in facilitating cyber-crime to inform claim responses for data breaches of this type. Ransomware was selected as a product category to illuminate transaction flows, as a ransomware attack is an insured event under most cyber insurance policies.

The business model for Ransomware is anextortion model whereby the attacker gains advantage over the victim and then makes demands. The attacker may gain value from intimidation, threats, service disruption, elevating their reputation, and financial or other benefits.

However for a Ransomware attack to be successful, the attacker must keep their identity secret. As a consequence the utilization of resources from the Dark Web is required, and the victim has to master Dark Web mechanisms in order to transact with the attacker.

Dark Net (or Dark Web) which is the encrypted section of the Internet favoured by cyber criminals and privacy advocates. It critiques the environment from a macro-market perspective to understand the ease with which transactions can be completed. There are significant operational constraints for cybercriminals in using the Dark Net, and in fact ransomware as an attack type pursued for profit will be limited by these constraints.

While ransomware has been growing year on year, Gerard’s research finds that clickbait ransomware is now less likely to be pursed for profit, due to better victim protections, the complexity of the dark net environment, the current cryptocurrency volatility and the high cost of anonymisation.

However while attacks should be less frequent, they may be more multipronged and sophisticated as time goes on. Ransomware remains an effective disruption tool and businesses need to consider whether the attack is exfiltrating data or not and consult those with the right knowledge in this area, before deciding to pay a ransom.