Corvus’ Winchester: Ransomware “back with a vengeance”

Ransomware “really had a resurgence” in 2023 over the prior year, according to Lauren Winchester, SVP, Risk Advisory at Corvus, who told The Insurer TV at the NetDiligence Cyber Risk Summit in Miami Beach that it will continue to be a big threat in 2024.

“We have noticed a drastic increase in the number of ransomware threat actor groups that are out there,” she said.

The Corvus SVP expects the threat of mass exploitation events, like MOVEit, to continue and possibly even expand their potential reach this year.

“I think we can expect to see threat actor groups going for that again, because it's just so successful time and again,” said Winchester.

And while the Corvus Q4 Ransomware Report did show a brief dip in threat activity last December, Winchester points out that attacks were 70 percent higher than in Q4 of the year prior, and so far, 2024 is keeping pace.

“When we look at the January numbers, because we've already started to look ahead, it was less than December,” said Winchester.

“So that's a good trend, right, but still way over January 2022 and 2023. So, you know, we're still at these increased levels of ransomware,” she added.

With attacks likely to intensify, a “proper response” from policyholders is essential, according to Winchester. A former breach response officer, she advises claims teams and policyholders to respond quickly, as opposed to waiting to notify their insurer.

“Those policyholders that reach out right away when they're experiencing an attack are going to fare a lot better in the incident response process,” said Winchester.

“We can get them set up with…a tight ecosystem of vendors…who know how to work together really well, and who also have dealt with thousands of clients in their shoes and can jump right in,” he added.

This is especially true if the policyholders lack internal digital forensics or in-house incident response teams. According to Winchester, if firms don’t make the right moves, they can potentially destroy evidence that could help discern what data was taken.

Travelers deal

In November last year, Corvus announced it was being acquired by insurance giant Travelers. The ~$435mn deal completed in January and with integration is currently underway, the company has big ambitions, according to Winchester.

“The goal is massive…to be a cyber industry leader, to have the right people and the right technology together,” said Winchester.

“I think they saw in us some really great technology, great underwriters, great loss control, and how can they leverage that for…a stellar team that they had.”

Winchester’s goals for the year continue to be focused on risk mitigation for policyholders.

“We use a lot of our threat intelligence, that we're getting from various sources, to alert our policyholders that may be at risk of those particular threats.”

The priority this year is zeroing in on more proprietary sources of data, so Winchester and her team can continue to intervene early when policyholders get attacked, and prevent claims from happening in the first place.

Watch this 10-minute video to learn more about:

  • What the likelihood is of ransomware threats in 2024
  • Why the slowdown of attacks in Q4 of 2023 has already ramped up
  • How Corvus approaches an incident breach
  • The state of the Travelers’ acquisition of Corvus
  • Why policyholders have been outcomes when they act quickly after an attack

The Insurer is partnering with NetDiligence® as we gear up for the launch of our cutting-edge dedicated platform – Cyber Risk Insurer – coming this February. Cyber Risk Insurer is poised to become the premier destination for in-depth coverage of the growing cyber (re)insurance market. Stay tuned for more details…