Ransomware gangs are increasingly taking advantage of internal disruption at companies undergoing mergers or acquisitions, says a new study. According to a report by Resilience Cyber Insurance Solutions, an increase in global M&A deal volume of 36% in 2023 created new opportunities for cybercriminals to exploit points of failure within organisations. Perhaps unsurprisingly, 64% of all breaches reported to the firm involved the use of some kind of ransomware – with the financial severity of claims spiking 411% year on year.
“Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” said Vishaal “V8” Hariprasad, co-founder and CEO of Resilience. “Now more than ever, we need to rethink how the C-suite approaches cyber risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry.”
M&A activity and tech consolidation aiding ransomware gangs
Resilience’s report highlights how evolving threat actor tactics have taken advantage of increased business and technology consolidation, leading to a surge in ransomware campaigns. These campaigns have increasingly targeted interconnected systems and newly acquired companies, creating significant risks for various economic sectors.
The report also revealed that 35% of all claims since January 2023 were the result of third-party vendor breaches or ransom attacks. This percentage rose to 40% in 2024 and is expected to continue increasing.
“Technology consolidation – in which industries rely on single suppliers for critical platform services – [has] proven to lead to catastrophic effects downstream if a single supplier is breached,” wrote Resilience’s Marykate Broderick. “In addition to potential ransom payments, impacted organisations typically face significant business interruption and lost revenue.”
The manufacturing and construction sectors experienced the largest increases in claims in 2024. Manufacturing claims surged from 15.2% in 2023 to 41.7% in 2024, while construction claims increased from 6.1% to 25.0% over the same period.
Change Healthcare incident led to most payouts for insurance firm in H1 2024
The incidents that generated the most claims at Resilience in H1 2024, the firm revealed, involved ransomware attacks on Change Healthcare, CDK Global, and the exploitation of the PanOS zero-day vulnerability. The ransomware attack on Change Healthcare, which occurred in February, severely impacted the company’s operations, including its billing and care authorisation systems. The attack resulted in widespread disruptions across the US healthcare system, affecting hospitals and pharmacies nationwide. UnitedHealth Group, the parent company of Change Healthcare, had to undertake extensive recovery efforts, including rebuilding the affected platforms from scratch to restore service.
The ransomware attack on CDK Global, a cloud-based software provider for automotive dealerships, occurred in June 2024 and caused significant disruptions. Approximately 15,000 car dealerships across the US were forced to shut down their IT systems, with some reverting to manual processes to continue operations.
The attack, attributed to the BlackSuit ransomware group, also had severe financial implications, with estimates suggesting a potential loss of around 100,000 vehicle sales during the month.
Earlier this week, the US Federal Bureau of Investigation (FBI) announced the successful disruption of the criminal ransomware group known as “Radar” or “Dispossessor.”
The operation, led by the FBI’s Cleveland division, resulted in the dismantling of key infrastructure linked to the group, including servers in the US, UK, and Germany. Additionally, several criminal domains were taken offline as part of the crackdown.
The FBI conducted the operation in collaboration with international partners, including the UK’s National Crime Agency and law enforcement agencies in Germany.
Read more: