Ransomware is far and away the fastest-growing attack method in cybercrime. It’s a trend that has only continued in 2019, with a serious uptick in the number of ransomware incidents and insurance claims in just the last couple of months.
As the volume and efficacy of attacks continue on an upward trajectory, another trend has emerged: more and more victims are paying the ransoms.
Evolution of Ransomware
A few years ago, if a company was locked out of its data by hackers, it wasn’t necessarily inclined to pay the ransom demand. That’s because there used to be a “silver bullet”: if the company was doing regular backups of its systems, it could restore its data.
However, malware sophistication is outpacing our defenses. Among the emerging advancements in ransomware is the use of command-and-control bots, used to not only encrypt data, but also navigate through computer systems, steal credentials and gain access to system administrator accounts. This complex malware gets hackers into the production environment as well as the backup system to deploy the ransomware encryption. With today’s malware, there’s no longer a perfect mitigating control.
As a result, more and more victims end up paying the ransom.
We saw this recently in a rash of attacks on municipal governments. In June, Lake City, Florida had its entire records database — 100 years’ worth of official records — ransomed by hackers who demanded over $460,000 to restore access to the city’s encrypted computer system. With no good options, the city paid. Other small, medium and large cities have been recent victims of ransomware attacks, from Baltimore to Jackson County, Georgia.
Timing is Critical
Ransoms are insurable under cyber policies, as are other costs associated with an attack, such as forensic investigative expenses, remediation costs and business interruption losses. How your cyber policy is written can have a big impact on the outcome, and timing is a critical consideration.
While a cyber policy may cover the ransom, there can be some delays in paying out the demand. How is your policy worded when it comes to approving ransoms? How long will it take to get the go-ahead? How much experience does your carrier have in handling ransomware incidents? The longer the delay, the greater the costs.
Additionally, most cyber criminals demand payment in cryptocurrency such as bitcoin. However, most insurance carriers (as well as most people, businesses and government entities) don’t have easy access to cryptocurrency. Some cyber insurers have vendors on retainer who can access bitcoin quickly. This is important because if a network is down two or three days and part of the delay is waiting to get approval and bitcoin payment from the insurance company, it can create reputational damage.
Steps to Mitigate Damages
Every enterprise, public or private, of every size and industry, is susceptible to ransomware incidents. While there’s not much in the way of technology or risk management that can be done to effectively eliminate the risk of a ransomware attack, there are a few things you can do to mitigate damages:
- Check your policy. There’s value in working with your insurance broker to make sure your policy is well-crafted and that ransom demands will be approved and paid expeditiously.
- Employee training. In the majority of cases, bad actors are able to gain access to a system and deploy ransomware because of human error. An employee clicks a link, opens an attachment, downloads a file, or unwittingly gives away credentials. Train your workforce so that they’re able to spot red flags.
- Have a post-attack plan. Make sure you have a business continuity plan and know which key systems are needed to keep your business up and running so you can continue to serve your customers.