Boston (AP) —In the past few weeks, ransomware criminals have trophyd at least three North American insurance brokers that provide policies to help others paralyze networks and survive blackmail attacks that steal data. Insisted.

Cybercriminals who hack corporate and government networks to steal sensitive data for extortion routinely try to find out how much cyber insurance the victim has. Knowing what victims can afford can give them an edge in ransom negotiations. The cyber insurance industry is also a major target for fraudsters seeking customer identity and coverage.

Cyber ​​insurance was a profitable niche industry before ransomware evolved into a full-fledged global epidemic of companies, hospitals, schools and local governments. He was accused of fueling criminal feeding frenzy by regularly encouraging victims to pay, but prevented many from going bankrupt.

Today, this sector is not just the criminal crosshairs. Last year, ransomware cases saw an increase of over 400%, and demand for blackmail surged. As a percentage of the premiums collected, cyber insurance payments are now above the break-even point of 70%.

Fabian Wosar, chief technology officer of Emsisoft, a cybersecurity company specializing in ransomware, said there is no longer a general attitude among insurers. Pay the criminal. It can be cheaper for everyone involved.

“The ransomware group became too greedy too quickly, so the cost-benefit equation that insurers first used to determine if they should pay the ransom no longer exists,” he says. I did.

It’s not clear how the single biggest ransomware attack on record that began on Friday will affect insurers. But that’s not a good thing.

There is pressure on the industry to stop ransom repayments.

In May, major cyber insurance company AXA decided to do so with all new insurance policies in France. But so far, it’s clearly independent in the industry, and the government hasn’t moved to outlaw redemption.

AXA is one of the leading insurance companies suffering from ransomware attacks, and its business in Thailand has been hit hard. Chicago-based CNA Financial Corp. is a US cybersecurity underwriter ranked 7th last year, and the network broke down in March. In less than a week, cybersecurity firm Recorded Future has released an interview with REvil, a member of the Russian-speaking ransomware gang behind the current attack, who is skilled in gathering pre-attack information. did. He suggested aggressively targeting data about insurer clients.

CNA did not confirm Bloomberg’s report of paying a $ 40 million ransom. This is the highest reported ransom on record. It also does not mention what and how much data was stolen. The system, where most policyholder data is stored, simply states that it was “unaffected.”

CNA also submitted to the Securities and Exchange Commission that its losses may not be fully covered by insurance, “future cybersecurity insurance coverage is difficult or significantly higher. It may only be available at a cost. “

Another major insurer hit by ransomware was broker Gallagher. Attacked in September, it revealed that the attacker may have stolen very detailed data from an unspecified number of customers, from passwords and social security numbers to credit card data and medical diagnostics. Was only last week (June 30th). The company’s spokeswoman, Kelly Murray, does not say whether the cyber insurance policy is on the compromised server. She doesn’t even say if Gallagher paid the ransom. RagnarLocker gang criminals appear to have never posted information about attacks on dark web leak sites, suggesting that Gallagher paid.

Of the three insurance brokers that the ransomware gang claimed to have attacked in recent weeks, two who posted the stolen data on the dark website as evidence did not answer phone calls or emails in Montreal and Detroit. Third, in Southern California, he admitted that he had been dragged for a week.

By the time Colonial Pipeline and major meat processor JBS were hit by ransomware in May, insurers had already passed on higher compensation costs to their customers.

In the US and Canada, January cyber premiums rose 29% from the previous month, said Gregory Eskins, an analyst at major commercial insurance broker Marsh McLennan. February’s monthly jumps were 32% and March’s jumps were 39%.

To undo ransomware-related losses, Eskins said it reached about 40% of cyber insurance claims in North America last year. Policy updates are subject to new, stricter rules or scope restrictions.

“Prices need to match risk,” said Michael Phillips, chief claimant for San Francisco cyber insurance company Resilience and co-chair of the public-private ransomware task force.

The policy may specify that refunds for extortion payments must not exceed one-third of the total coverage. This usually includes recovery and loss of income, as well as payments to public relations companies to mitigate reputational damage. Alternatively, insurers may cut coverage in half or introduce deductions, said broker Aon’s Brent Lease.

Some small carriers have dropped coverage altogether, but large players are changing tools instead.

Next are hybrid insurers such as Resilience and Boston-based Corbus. They don’t just ask potential customers to fill out a questionnaire. They physically investigate cyber defenses and actively engage clients in the event of a cyber threat.

“We monitor and make proactive recommendations dynamically throughout the year, not just once a year,” said Phil Edmundson, CEO of Corvus.

But is the industry as a whole agile enough to absorb the growing onslaught?

“The extent to which cyber insurance remains generally available and affordable remains uncertain,” the Government Accountability Office warned in a May report. The New York Treasury also said in a February circular that it could cause significant losses in the industry.

Both the insured and the insurer are liable for sharing experience and data, the Royal United Services Institute of the United Kingdom said in a new report. Most ransomware attacks have not been reported and there is no central clearinghouse, but the government has begun to seek compulsory industry reports. As a business unit, insurance companies are not particularly transparent. In the United States, they are regulated by the state, not the federal government.

And so far, cyber insurers have largely resisted calls to stop refunding ransom paid.

“Generally speaking, network security isn’t good enough at this point,” said Adrian Cox, CEO of UK-based Beazley, in a May earnings call. He said it was up to the government to decide whether payments were bad public policy. Evan Greenberg, CEO of Chubb Limited, a leading US cyber insurance company, agreed in its annual report in February that the ban was a government authority. But he favored illegal payments.

Jan Lemnitzer, an instructor at the Copenhagen Business School, believes that cyber insurance should be mandatory for large and small businesses, just as everyone who drives must wear car insurance and seat belts. A study by the Royal United Services Institute recommends it to all government suppliers and vendors.

He thinks banning ransom payments is problematic, but Lemnitzer says it’s “easy” to force insurance companies to stop paying them.

Some suggest imposing a fine on ransom payments as an impediment. Alternatively, the government may hold some of the cryptocurrencies recovered from ransomware criminals and the proceeds may be sent to the Federal Ransomware Defense Fund.

Such measures could cut into criminal income, said Stewart Baker, a lawyer at Steptoe and Johnson, a former NSA legal counsel.

“In the long run, it means that the resources currently being sent to Russia to pay for Ferrari in Moscow will be used instead to improve US cybersecurity.”