Waratah Analytics - A decade of ransomware

A decade of ransomware.

8 November, 2021Ransomware

Organisations and people often make a simple mistake in life, believing the history of some tragedy begins with them. Ransomware research is like this, with each cyber insurance company starting their statistics with their own loss record. Here at Waratah Analytics we like to think a little bit differently, and thus we work hard to look at cyber risks over a long period of time before we are ready to underwrite them.

For example, ransomware using bitcoin has almost a decade of history already. We shouldn't only be examining the last few years if we want to understand it’s patterns and character. Those who don’t learn from history (or the mistakes of others) are doomed to repeat them…

Those who don’t learn from history (or the mistakes of others) are doomed to repeat them…

Below is a graph not of insurance claims, but rather of the number of ransoms paid to a variety of historical ransomware families. One can clearly see that 2014 was a bumper year for ransomware frequency! We can combine this long term view with our shorter term claims view to get some perspectives that make us different.

Let's do a break down by family and ignore time to get some more perspective on which groups process the most ransoms historically.

Equally, we could use the same visualisation to show which groups made the most money.

If you only read quarterly reports then both security companies and many cyber insurers will have you believe that there are more ransomware events that cost more every single quarter. We believe this is because they have taken the shorter view of history.

The reality is much more complex, in that the frequency is down (image above) but the severity; is up (image below). At least if you view this risk over a decade as we do!

Astute underwriting synthesizes these long view data sources along side the short view quarterly claims data sources. This allows us better pricing of the base risk, before we even begin any differential risk analysis for individual clients.

Don't get caught short, take the long view with us.

Éireann Leverett

Éireann has spent at least 3 years in each of the primary cyber roles; secure development, red teaming, incident response, research, and risk. He is a published author of both books and academic papers. He is ranked by Google scholar amongst the top ten authors on cyber risk, and serves on many programming committees for both academic and hacking conferences. He continues to collaborate with people who are younger and more talented than himself to reduce cyber risk globally.