About Matthew Lerner

Matthew Lerner is the business content writer at RIMS.

Ransomware Attacks Increase, With U.S. the Primary Target

Ransomware attacks constituted the greatest cybercrime danger in 2016 as the volume and value of attacks rose sharply, according to a new report from internet security firm Symantec.

“Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangerous and wide-ranging malware,” according to “Internet Security Threat Report (ISTR), April 2017.”

The average ransom amount involved in such attacks jumped 266% to $1,077 during 2016 from just $294 in 2015. Symantec also found that frequency increased, with detection of ransomware up 36% to 463,000 from 340,000 in 2015; or 1,271 per day in 2016 compared to 933 per day in 2015.

The United States saw the largest share of these attacks by far at 34%, followed by Japan (9%) and Italy (7%). “The statistics indicate that attackers are largely concentrating their efforts on developed, stable economies,” Symantec said. Further, research from Norton Cyber Security Insight team said that 34% of those attacked will pay the ransom, but that figure jumps to 64% for U.S. victims, “providing some indication as to why the country is so heavily targeted,” the Symantec report said.

Another indicator of rising ransomware activity is the tripling of new families of ransomware to 101 in 2016 from just 30 in both 2105 and 2014. While the number of new variants (distinct variants of existing ransomware families) declined 29% to 241,000 from 342,000 in 2015, this “suggests that more attackers are opting to start with a clean slate by creating a new family of ransomware rather than tweaking existing families by creating new variants,” the report said.

The proportion of ransomware infections on consumer computers rose only marginally to 69% from 67% in 2015 as the rate of infections for enterprise and other organizations dropped accordingly to 31% from 33% in 2015. Consumer infections totaled between 59% and 79% for every month except December, when they fell to 51%.

Beyond the top threat of ransomware, the report discusses exposures including “New frontiers: Internet of Things, mobile, & cloud threats,” and has a section that lists multiple challenges from malware, spam and phishing via email. Email, for example, was a major avenue of attack in 2016, “used by everyone from state- sponsored cyber espionage groups to mass-mailing ransomware gangs,” it said, adding that one in 131 sent during 2016 were malicious, the highest incidence in five years.

Symantec also discusses a few of the largest cybercrimes of the year, including the theft of $81 million from the central bank of Bangladesh and alleged tampering with the U.S. electoral process. “Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record,” according to the report.

Despite the apparent rising threat level portrayed in the report, the cyber insurance landscape remains untamed, Risk Management Magazine reported in April. Potential customers would be wise to educate themselves prior to approaching the market.

GM Halts Venezuela Operations Following Plant Seizure

General Motors has ended its operations in Venezuela after authorities in the strife-torn country seized the company’s plant there on Wednesday.

In a statement Thursday, General Motors said that assets, including vehicles, were also seized from the plant as it was taken over by Venezuelan officials while demonstrations surged throughout the country. The company said in a statement that the facility was taken without due process and that it intends to defend its interests.

General Motors has about 2,700 workers and 79 dealers employ 3,900 in Venezuela, according to the Detroit News, which added that “GM’s Venezuelan operations have been a drag on earnings for several years.” Last year the company lost $400 million before taxes in South America, which accounted for roughly 6% of global sales at 583,000 vehicles. GM also took a $720 million charge in the second quarter of 2015 for currency devaluation and asset valuation write-downs as Venezuela’s economy crumbled.

Losses such as the plant and possibly even including the currency hits may or may not be covered by political risk insurance. The challenge in securing such coverage is in accurately predicting when and where it might be needed—companies cannot wait until a threat emerges before securing cover, which is likened to attempting to buy home insurance after your house has caught fire. GM did not immediately respond to an inquiry asking whether the plant was insured for misappropriation.

In its statement, GM said workers at the seized plant would get separation benefits if the government allows such. The statement added that dealers in Venezuela will continue to service vehicles and provide parts.

In its “Credit and Political Risk Insurance Report & Market Update, January 2017,” insurance broker Arthur J. Gallagher ranked Venezuela as one of the world’s riskiest nations, describing the county’s risk potential as “very high,” ranking it just above Libya.

Indeed, this is not the first instance of Venezuela’s government appropriating private assets amid rising nationalist sentiments and domestic unrest. “It fits a broader pattern, in the sense that the government’s response to surges in opposition activity tends to be the deepening of the revolution,” Phil Gunson, a Venezuela-based analyst for the International Crisis Group, told The Washington Post.

Opposition forces on Thursday called for further mass protests against the government. Venezuela has been in crises as forces opposing the government of President Nicolas Maduro accuse the hand-picked successor of populist leader Hugo Chavez of running a dictatorship. Runaway inflation and shortages of food, fuel and goods have stoked nationwide protests that killed three on Wednesday, including a 17-year-old male and a National Guard sergeant.

The fuel shortages are especially ironic given that Venezuela holds the world’s largest proven oil reserves with 298.4 billion barrels, topping Saudi Arabia’s 268.3 billion barrels of reserves, according to 2015 figures from the U.S. Energy Information Agency.

Firestorm Over Forced Removal Proves Costly for United

United Airlines stock tumbled nearly 4% in early trading Tuesday morning before recovering late in the day as the company continued to deal with fallout after video surfaced showing a passenger being forcibly dragged from a United flight at Chicago’s O’Hare International Airport. United shares were down by as much as 6% in premarket trading Tuesday morning, according to MarketWatch.

Shocked viewers responded with universal outrage Monday to a video appearing to show a 69-year old man being brutally dragged off his flight by three uniformed officers from the Chicago Department of Aviation, one of which has since been placed on leave. The man’s face was bloodied and he appeared disheveled as officers dragged him along the narrow aisle of the plane.

“The incident on United flight 3411 was not in accordance with our standard operating procedure and the actions of the aviation security officer are obviously not condoned by the Department,” the agency said in a statement. “That officer has been placed on leave effective today pending a thorough review of the situation.”

Compounding the Airline’s misery was a letter sent to employees Monday night by United’s CEO, Oscar Munoz, saying that he supported the actions of the flight’s crew in removing the passenger, who Munoz accused of being “disruptive and belligerent.” Munoz later apologized directly to the passenger but his public sentiment was judged disingenuous in the wake of the leaked employee memo.

The passenger was removed from the flight to make room for four United employees, although it was initially reported that the passenger was removed from the flight to Louisville due to overbooking—a standard industry practice of selling more seats on any given flight than are actually available to shield the airline from lost revenue from no-shows. Although the flight was not technically overbooked, United followed the policy in order to seat the four employees.

In 2016, the 12 largest U.S. airlines bumped slightly more than 40,600 of 659.7 million passengers, for a rate of 0.62 per 10,000 passengers, down from 0.73 per 10,000 in 2015, according to the Bureau of Transportation Statistics, Bloomberg reported.

In this case, the airline requested that four passengers relinquish their seats to United employees. According to reports, the airline first offered passengers $400 in addition to hotel and flight vouchers, and then raised the cash component to $800. When there were no takers, the airline chose four passengers to be removed. Approached by the flight’s crew, the man declined to give up his seat, asserting that he is a doctor and needed to see patients Monday morning.

The incident also sparked an international outrage across China, where it was the top item trending on Sina Weibo, as it was reported the removed passenger was Asian. The BBC reported that a passenger seated next to the doctor said the doctor was originally from Vietnam, where there was also widespread negative reaction. The hashtag #UnitedForcesPassengerOffPlane had more than 270 million views and an online petition, “Chinese Lives Matter,” which has some 38,000 signatures and calls for a U.S. investigation into the case, according to Bloomberg.

Reputational damage can be potentially costly as a company may have to deal with expenses related to managing a crises, such as public relations and advertising, as well as any loss to the company’s stock market value. The incident is the second in as many weeks to envelop United, which previously suffered scorn in the court of public opinion after barring two nonrevenue passengers from boarding a flight based on a dress code violation.

United’s largest shareholder is Warren Buffet, whose 9% stake in the airline, worth roughly $2 billion, was down some $90 million when United’s stock was at its lowest point on Tuesday.

Disaster Losses Climb as Protection Gap Widens: Swiss Re Sigma Study

Global Economic losses from disaster events almost doubled in 2016 to $175 billion from $94 billion in 2015, according to the most recent Sigma Study from the Swiss Re Institute.

Insured losses also rose steeply to $54 billion in 2016 from $38 billion in 2015, the study found. This led to a “protection gap,” as the company calls it, of some $121 billion, the difference between economic and insured losses, a figure highly indicative of the opportunity for greater insurance penetration, according to Swiss Re. “The shortfall in insurance relative to total economic losses from all disaster events…indicates the large opportunity for insurance to help strengthen worldwide resilience against disaster events,” said the report. The gap was $56 billion in 2015.

Total economic and insured losses in 2015 and 2016:

The two headline loss figures are the highest since 2012 and end a four-year decline as the year saw a higher amount of significant disaster events including earthquakes, storms, floods and wildfires worldwide. The report noted that some events hit areas with high insurance penetration, leading to the 42% jump in insured losses.

Despite the precipitous rise in both economic and insured losses, human losses plummeted to approximately 11,000 lost or missing in 2016, down from more than 26,000 in 2015.

Of the 327 disaster events last year, 191 were natural disasters while 136 were man-made. Regionally, Asia experienced the most disaster events with 128 leading to approximately $60 billion in economic losses. Asia also had the single most costly disaster event of 2016 as the April earthquake on Kyushu Island, Japan caused an estimated $25 billion-$30 billion in economic losses.

Insured losses of $54 billion almost equaled the $53 million inflation-adjusted annual average of the past 10 years, said the report, despite being 42% higher than 2015’s $38 billion. Natural catastrophes accounted for $46 billion of insured losses, equal to the 10-year annual average, as man-made disasters led to $8 billion of insured losses, according to the report.

“In 2016, both economic and insured losses were close to their 10-year averages. Insured losses made up about 30% of total losses, with some areas faring much better because of higher insurance penetration,” Kurt Karl, Swiss Re’s chief economist said in a statement.

More than half of insured losses occurred in North America as a record number of severe convective storm events hit the region. These included an April hail storm in Texas, which caused $3.5 billion in economic loss and $3 billion in insured loss as some 86% of losses were covered. An August system brought severe storms and flooding to Louisiana, causing $10 billion in economic loss and $3.1 billion in insured loss.

The region saw several major disaster events.

In May and June, wildfires in Alberta and Saskatchewan, Canada caused $4 billion in economic losses and $2.8 billion in insured losses, Canada’s largest-ever insurance loss. The fire consumed 590,000 hectares of land and caused the evacuation of about 88,000 people. In October, hurricane Matthew, the first Category 5 storm in the North Atlantic since 2007, led to $12 billion in economic losses and $4 billion in insured losses while also, sadly, causing the greatest loss of life as 700 were lost, mainly in Haiti.

Flooding across Europe and China was also devastating at times. In May and June, severe rain and floods hit Belgium, France and parts of Germany, causing economic losses of $3.9 billion and insured losses of $2.9 billion. Flooding along China’s Yangtze River basin caused an estimated $22 billion in economic losses but low insurance penetration, in contrast to Europe, led to insured losses of just $400 million, according to the report.