Skip to content

Commercial Insights

Ransomware “on steroids” – explosive new threat to business and healthcare

By Steve Frew, JD, CIPP/US | Johnson Financial Group

3 minute read time

Business and healthcare organizations are under a massive new attack from cyber criminals in 2020, with reporting a 50% increase in ransomware attacks in the third quarter of 2020 on top of record attacks in the first half of the year. The more explosive and sinister new threat, however, is that cyber criminals have developed a new approach that puts ransomware “on steroids” and make each successful attack more profitable for the bad guys.

How We Got to This Point

Ransomware started out as an irritating, occasional threat that popped up on computer screens and demanded $300 to restore the data. Most victims did not pay, and the less talented hackers moved on to other disruptive entertainment. The more determined criminals moved on to develop ransomware that would spread to other systems and users before triggering a lockdown to increase the return on their effort.

By that time, cyber insurance was starting to arrive on the scene for businesses and healthcare organizations. Payments became more common and demands became larger. Larger organizations began to focus on secure backups to enable them to refuse payment.

By early 2020, the innovative bad guys upped the ante further with a narrower focus on “quality targets” instead of random targets. They often target specific companies and healthcare organizations and use social engineering emails and other tricks to enter the system. Once in the system, the software can lurk for months or even years sending a steady stream of valuable information to the hacker on the best files to lock down, how much the victim has in their bank accounts, and other critical information before encrypting the data and online and offline backups and demanding mega-ransom payments.

Ransomware Today

In 2020, we’ve found that the less sophisticated hackers are “renting” ransomware from vendors on the dark web, the bigtime cyber criminals have adopted a new strategy that calls “double extortion” to increase payments and punish those that attempt to deny payment. In this strategy, the hacker uses the time lurking on the victim computer to steal as much information and credentials as possible. The information typically also involves client data and intellectual property. The hacker will then trigger the lockdown and threaten to make the breach public. Threats then escalate to posting “proofs” online and threatening to attack customers by releasing their data or even locking down customer computers.

According to Roger A. Grimes, a cyber education provider from, almost every victim ultimately negotiates and pays the ransom, even if they deny it. And some ransoms are reaching into the millions of dollars. Most victims rely on their cyber insurance to navigate the treacherous process of surviving an attack of this severity.

Be Ready to Defend Your Organization

To learn more on steps you can take to protect your organization, download a guide to ransomware and an action checklist from the U.S. Cybersecurity and Infrastructure Security Agency. For more information on cyber insurance contact your Johnson Financial Group Commercial Insurance Advisor or find one today .


Steve Frew, JD, CIPP/US

Steve Frew, JD, CIPP/US

Vice President, Risk Consultant | Johnson Financial Group

As Vice President, Risk Consultant, Stephen provides risk assessment services to clients to help identify potential exposures that threaten the company directly or create an unfavorable risk profile that may drive up insurance costs. As a former commercial and litigation attorney, Stephen is experienced in professional standards, litigation, and regulations that affect professional practices and businesses for risk management purposes.