Chubb, one of three insurance agencies that has seen an increase in claims tied to ransomware cyberattacks, is blaming bitcoin for the surge.
In an interview with Bloomberg, Michael Tanenbaum, an executive vice president at Zurich-based Chubb, said the rising price of bitcoin, which is the payment of choice for hackers engaging in ransomware attacks — in which they steal a computer user’s data and demand payment to get it back — is creating an increase in insurance claims.
Tanenbaum said there has been a “massive escalation” in the number of ransomware attacks and the size of bitcoin payments. “The rise in price of bitcoin correlates,” he told Bloomberg, without providing the total costs. Around the midpoint of this year, the executive said payouts to corporations due to ransomware attacks started surpassing $1 million. In the past, the maximum claim was $17,000.
Winston Krone, a global managing director who oversees Kivu Consulting’s ransomware services, told Bloomberg that because of the surge in the value of bitcoin this year, hackers are getting bolder, demanding payouts in the $250,000 to $500,000 range, which was nonexistent six months ago.
Kivu Consulting, which works to facilitate cryptocurrency payments and investigate hackers, along with rival Navigant Consulting are seeing their businesses flourish in recent months. “We can make immediate payments of six figures,” Krone said.
The firm employs scores of investigators who speak multiple languages and are trained to negotiate with hackers to make sure clients aren’t dealing with a terrorist group. Paying ransom to a terrorist group could get the company in trouble with U.S. laws, noted Bloomberg. Outside of that, Krone said it’s up to the customer to decide if they want to pay the money. In “the ethics of paying ransoms and paying criminals, we take a neutral stance,” he said.
But not every hacker has demanded more as the price of bitcoin skyrockets. Christiaan Beek, who leads strategic threat intelligence research for McAfee, revealed that criminal networks seeking few bitcoins from victims could collect the same amount for months before raising the ransomware amount.