The cyber operation against Norsk Hydro that became public this week is notable for several reasons, including the nature of the attack and how quickly cyber insurance coverage entered the conversation.
Publicly available details indicate that this was a targeted intrusion, with attackers putting in manual effort post-compromise to deploy ransomware to as many endpoints as possible. This is part of a broader trend in the ransomware landscape that is described by security company CrowdStrike as "big game hunting". Rather than sending phishing e-mails with ransomware to thousands or millions of addresses to collect individual ransoms, several more sophisticated criminal threat actors are conducting network compromises against enterprises with high-availability needs (hospitals, manufacturing, press, etc.) and causing maximum business disruption.
Targeted intrusions to deploy ransomware across a network is a development in the threat landscape that cyber insurers would be wise to keep an eye on. These attacks are much more dangerous than the individual ransomware cases of the past, and a company's entire business model can be put at risk. The ransoms are often astronomically higher, as well.
CyberCube included an analysis of this trend in a recent private briefing to one of our top-tier cyber insurance partners. Our threat intelligence experts will continue to track this, and other trends as they develop. More to come, no doubt!