Insurer AXA Halts Ransomware Crime Reimbursement in France

In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.

AXA, among Europe’s top five insurers, said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month about the devastating global epidemic of ransomware.

“The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing. Only the U.S. surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France’s related overall losses at more than $5.5 billion.

The suspension only applies to France and does not affect existing policies, said Christine Weirsky, a spokeswoman for the U.S. AXA subsidiary, a leading underwriter of cyber-insurance in the United States. She said it also does not affect coverage for responding to and recovering from ransomware attacks, in which criminals based in safe havens including Russia break into networks, seed malware and cripple them by scrambling data.

Only after ransoms are paid do the criminals provide software keys to decode the data. And last year, many began stealing sensitive data before encrypting networks and threatening to dump it online unless victims paid up. That helped drive ransom payments up nearly threefold to an average of more than $300,000. The average recovery time from a ransomware attack is three weeks.

The insurance industry has come under considerable criticism for reimbursing ransom payments. Cybersecurity expert Josephine Wolff of Tufts University said it has come to be built into organizations’ risk-management practices “as one of the costs of doing business. And I think that’s really worrisome because that is what fuels the continued ransomware business — people keep paying ransom.”

An 81-page urgent action plan delivered to the White House last week by a public-private task force noted that enriching ransomware criminals only fuels more global crime, including terrorism. But the authors stopped short of advocating a ban on ransom payments, saying paying up can sometimes be the only way for an afflicted business to avoid bankruptcy. U.S. officials call ransomware a national security threat, and some lawmakers are calling for immediate financial relief for stricken local authorities short on IT resources and running vulnerable systems.

Michael Phillips, chief claims officer at the U.S. cyber-insurance firm Resilience and a co-chair of the task force, said “AXA France’s decision highlights the continued tumult in the market” as insurance firms grapple with successfully underwriting ransomware policies while confronted with rising payout costs that threaten profitability.

Phillips said he doesn’t expect U.S. insurers to impose similar restrictions — or a wave of exits — but did say that the best carriers are becoming more exacting about customers’ cybersecurity hygiene. Many victims, such as cash-strapped state and local governments, haven’t adequately invested in security and are easy prey for ransomware criminals.

Often, those criminals have gathered intelligence about potential targets in advance and know when a victim carries insurance that covers ransom payments. Sometimes they even know a policy’s payment ceiling.

Emsisoft analyst Brett Callow called AXA’s decision smart, noting that some organizations seem more inclined to pay ransom if the money isn’t coming from their own pockets. “The only way to break this vicious cycle is to cut off the flow of cash — and ceasing to reimburse ransom demands may well do that.”
