Best's Review


Ransomware Blooming, Sophistication Growing as Hackers Get More Brazen

Cybercriminals are now offering ‘customer service’ to victims, according to Resilience Insurance President Mario Vitale.
  • Meg Green
  • February 2021
  • print this page

Ransomware attacks are becoming more common and more sophisticated, with crime syndicates now offering “customer service” to victims, said Mario Vitale, president of the newly launched Resilience Insurance.

Vitale was with before it morphed into program manager Resilience, which specializes in cyber insurance.

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Criminals typically spread ransomware through phishing emails or by a victim unknowingly visiting an infected website, according to the U.S. Cybersecurity &Infrastructure Security Agency.

Ransomware has evolved to the point that syndicates now have “customer service departments,” Vitale said. After one Florida municipality's system was locked down, the victims asked the attackers how they could be sure their information would be restored if they paid the ransom. The criminals offered “references”—other municipalities that had been hacked, paid the ransom, and had their systems restored, Vitale said.

The criminals told the municipality: “We have to have good service, because if we didn't open you back up, nobody would pay us any money,” according to Vitale.

“You'll get a call the next day after they opened it up, 'How did the experience go? Is there anything we can do to help improve our service? Would you recommend us?' They literally have a customer service department that speaks English,” Vitale said.

Vitale also said the criminals knew the Florida municipality had insurance that would cover the attack.

Global cybercrime costs are expected to grow by 15% a year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015, according to Cybersecurity Ventures.

Ransomware is leading the cybercrime way. With millions of people working from home due to the COVID-19 pandemic, the window for hackers was widened, Vitale said.

Hackers can go from entering a system to ransoming the entire network in 45 minutes.

Cybersecurity Ventures reports there's been more ransomware attacks in the past 12 months than in any comparable period. In 2020, according to Cybersecurity Ventures, a company was attacked every 11 seconds. The costs from these attacks will reach around $20 billion by 2021.

Hackers can move quickly, going from entering a system to ransoming the entire network in 45 minutes, according to the September Microsoft Digital Defense Report.

And demands for ransom have been rising, up nearly 200% from 2018 to 2019—averaging $115,123 in 2019, according to a report by the Crypsis Group.

The U.S. has seen a plague of ransomware in recent months, with major cities from Baltimore to Atlanta hit, and local governments and schools hit especially hard. The FBI and other agencies have warned that health care systems were particularly at risk.

In September, a ransomware attack impacted all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to use paper and pencil for record-keeping, and slowing lab work.

Also in September, the first known fatality related to ransomware occurred in Dusseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city, according to the Associated Press.

Hackers are getting more sophisticated—using robots and artificial intelligence—and businesses, insurers and governments need to work together to mitigate attacks, Vitale said.

“The FBI has told me that they know where they are, but you can't get them,” Vitale said. “A lot of them go back to Russia and North Korea, as you might guess. Despite the fact that they traded and got these ransoms paid in cryptocurrency, and even though with some specification we can track them back, there's very little we can do about it because of where they are, and they're protected by their governments.”

Resilience partners with underwriter Intact Insurance Specialty Solutions and hopes to establish an FM Global-style operation, with cyberexperts preventing and minimizing cyberattacks the way FM Global's engineers work to prevent property losses from occurring, Vitale said.

“Even though we believe that this is one of the most important risks that [businesses face], not only in terms of business interruption but reputation, loss of client information, etc., not all companies spend an equal amount on that protection,” Vitale said.

Meg Green is a senior associate editor, AM Best TV. She can be reached at

Back to Home

Want More News From Best's Review?

Sign up for our Best's Review Newsletter and we'll send you featured news stories straight to your inbox.