Blog — Sep 03, 2021

The Insurance Sector: Another Ripe Target for Ransomware Attacks

Within the first half of 2021, we have already seen ransomware attacks crippling many industry giants, resulting in massive operational disruption and costing millions in recovery efforts.

While threat actors have made it a habit to target organizations within the utilities, healthcare, and food & agriculture sectors, a new target has emerged within the past year: the insurance sector. Major insurance providers have reported being the targets of ransomware attacks and surprisingly, some have also admitted to paying the ransom.

The driving forces behind why the insurance industry is targeted

Adversaries are motivated by the personally identifiable information (PII) that insurance companies hold for their clients. Since much of this data (e.g. medical records, financial statements, government-issued identification) is used for underwriting and claims preparation, it is highly sensitive, and insurers collect and store a lot of it. In the hands of a threat actor, this data can easily be used to commit medical, insurance, and/or identity fraud against unwitting victims. Therefore, insurers are at a heightened risk of experiencing financial and reputational loss as well as regulatory repercussions.

Additionally, despite the global adoption of digital transformation, the insurance industry is still very much reliant on legacy systems due to the cost associated with modernizing technology and digitizing client records. However, a move towards modernization can be a double-edged sword: the digitization of insurance records and client data can expose insurance firms to third-party risk and expand the threat surface as organizations adopt hybrid infrastructures.

As a result of this treasure trove of highly valuable client data, weak security defenses, and a lack of internal resources driven by a skills shortage in cybersecurity, it’s clear that cyber criminals have found themselves a new opportune target in insurance providers and brokerage firms. Additional risk factors that have contributed to the increasing ransomware attacks include human error and an evolving threat landscape.

The rise of cyber cartels and double extortion

In the past couple of years, a new organizational structure has emerged for cyber criminals. Gone are the days when organizations were dealing with a lone hacker. Today, we’re seeing the formation of highly organized ‘cyber cartels’, in which cyber criminals collaborate on specialized attack tactics to maximize ransom payouts.

One such attack tactic that has rapidly gained momentum is double extortion, through which threat actors first gain access to the corporate environment, exfiltrate all the data onto their own servers, and then deploy ransomware.

Ultimately, even if the target organization is able to restore its data without paying the ransom, threat actors can still cause financial loss and liability, reputational damage, and impact the business’s bottom line by threatening to make the stolen data public.

As a result, it’s increasingly difficult for the insurance industry to keep up with the sophistication of today’s ransomware attacks. In fact, nearly every major insurance firm that suffered a ransomware attack within the past year was also the victim of double extortion:

It seems that the message to the insurance industry is clear: your data is highly valuable and cyber criminals will use any means necessary to extort you.

The answer to protecting data lies in prevention, detection, and containment

As a response to the sharp rise of ransomware threats against the insurance sector, the National Association of Insurance Commissioners (NAIC) established the Cybersecurity Task Force in 2015 to address cybersecurity within insurance companies.

In order to remain compliant, firms must demonstrate they have followed the programmatic and operational requirements outlined by the NAIC. This should serve as a clear sign that insurance providers must evaluate their risk exposure on a continual basis.

The reality is that the threat landscape will continue to evolve. Insurance firms must begin to take threats more seriously and act with diligence, not only to prevent incidents but also to detect and contain them if and when they do occur.

Much of prevention is rooted in how the insurance sector manages cyber risk. Ask yourself:

When cyber criminals target your organization, you must be able to detect their presence and immediately contain them to limit their spread.

While prevention certainly plays a role in cyber resilience, it’s evident that insurance firms must take a comprehensive approach to protect clients’ data. Instead of solely relying on preventative measures, insurance firms should have the ability to respond to any threats before they disrupt business operations.

Cybersecurity investment may be a big undertaking for insurance providers and brokerage firms, but it’s an investment that is now a necessity.

To learn more about how Managed Detection & Response can help your organization detect and contain threats before they become business-disrupting events, book a meeting with an eSentire security specialist.


eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.