Ransomware is by far and away the fastest growing attack method in cybercrime. It’s a trend that has only continued in 2019, with a serious uptick in the number of ransomware incidents and insurance claims in just the last couple of months.
VP and national cyber risk
practice leader at Risk Strategies.
As the volume and efficacy of attacks continue on an upward trajectory, another trend has emerged: more and more victims are paying the ransom.
Evolution of ransomware
Among the emerging advancements in ransomware is the use of command-and-control bots, used to not only encrypt data, but also navigate through computer systems, steal credentials and gain access to system administrator accounts. This complex malware gets hackers into the production environment as well as the backup system to deploy the ransomware encryption. With today’s malware, there’s no longer a perfect mitigating control.
Timing is critical
Ransoms are insurable under cyber policies, as are other costs associated with an attack, such as forensic investigative expenses, remediation costs and business interruption losses. How your cyber policy is written can have a big impact on the outcome and timing is a critical consideration.
While a cyber policy may cover the ransom, there can be some delays in paying out the demand. The longer the delay, the greater the costs.
Additionally, most cybercriminals demand payment in cryptocurrency such as bitcoin. However, most insurance carriers don’t have easy access to cryptocurrency. Some cyber insurers have vendors on retainer who can access bitcoin quickly. This is important because if a network is down two or three days and part of the delay is waiting to get approval and bitcoin payment from the insurance company, it can create reputational damage.
Steps to mitigate damages
While there’s not much in the way of technology or risk management that can be done to effectively eliminate the risk of a ransomware attack, there are a few things you can do to mitigate damages:
• Check your policy. There’s value in working with your insurance broker to make sure your policy is well-crafted and that ransom demands will be approved and paid expeditiously.
• Employee training. In the majority of cases, bad actors are able to gain access to a system and deploy ransomware because of human error. An employee clicks a link, opens an attachment, downloads a file, or unwittingly gives away credentials. Train your workforce so that they’re able to spot red flags.
• Have a post-attack plan. Make sure you have a business continuity plan and an awareness around what key systems are needed to keep your business up-and-running so you can continue to serve your customers.
