Ransomware attacks & cyber security insurance (part 2 of 2)
In September 2020’s blog post we discussed the damage ransomware can inflict, three types of ransomware, three ways of getting infected with ransomware, and cyber liability insurance protection. Now we are discussing the pros and cons of paying a ransom, preventive measures, and again the importance of having proper cyber liability insurance coverage.
Pay ransom or not?
Cyber criminals usually impose a deadline for payment under the threat of permanently locking up files. If payment is not delivered, the criminals will increase the ransom amount.
Bitcoin, among other cryptocurrencies, is the currency extortionists most prefer to be paid in, because cryptocurrencies allow them to be anonymous. Ransom amounts can range from hundreds to millions of dollars.
Even if ransom is paid to the criminals, there is no guarantee the data will be given back. Paying cyber criminals ransom can make you a repeat target for more attacks in the future.
Although paying ransom is generally not recommended, some companies do pay the ransom as part of their insurance coverage, AFTER their insurers approve the ransom payments. The deductible a company pays the insurance company is usually much less than the demanded ransom amount, which is covered by a cyber insurance policy.
Prevention
It seems to be a perpetual game between cyber crime and cyber security technology. Hopefully the security “good guy” is always one lily pad ahead of the criminal “bad guy”, but unfortunately that is not always the case. Keeping ahead of cybersecurity threats requires some common sense preventive measures such as:
- Do not use public Wi-Fi to conduct any business activities.
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website: check if the site has been secured with a padlock, and/or use a website safety check tool such as Google Safe Browsing, and/or use WHOIS to find out the owner of the website.
- Back up data on a regular basis.
- Use strong passwords.
- Regularly update applications, operating systems and the entire network’s security.
- Install and update anti-virus software. Build a more sophisticated and secure digital infrastructure.
- Use managed IT such as EndSight to prevent ransomware infection by phishing emails, through anti-malware tools and proper installation of security patches. Let them run regular backups for disaster recovery. They can also help manage a ransomware incident if it happens.
Cyber liability insurance and ransomware coverage
Buying a cybersecurity insurance policy that covers ransom money, repair and other extortion-related expenses is a small investment that can save large amounts of money, avoid revenue loss caused by computer downtime, and perhaps most importantly, protect an entity’s reputation.
Other policies covering business interruption or extortion may also cover losses resulting from ransomware. Talk to us to find out the details.
Notify us or your insurer before paying a ransom; otherwise it may not be covered.
A true story: a strong tech company made software for schools to track attendance, with a good, strong system that comes with lots of protection and strong controls.
One employee took his laptop to a coffee shop and accessed work from the coffee shop’s free Wi-Fi, and the bad guys got in EASILY!
The ransomware got in and stayed silent for 3 months, lying in wait, undiscovered.
Then it activated, and copied all the files in the system for 3 weeks before it was discovered.
Once the files were encrypted by the criminals, they demanded $600k as a ransom to release them.
Fortunately, the school district had bought cyber liability insurance. The insurance company tried to negotiate down to $500k, but the hackers then demanded $700k, $800k, then $1.2mil. The insurance company declined and shut the database down.
It cost the insurance company $500k to re-create the database from paper files and to rebuild the backup.
We are the Extra-milers to protect businesses and properties
The Rick Callaway Team is known as the Extra Milers in protecting your business, employers, employees, and assets. We leave no stone unturned to get you the best deal. No under coverage. No overpricing. Fast turnaround, and most of all, we have board level business acumen for understanding your business operations and customizing coverage. Please call us for a free consultation: 925 788 5558 or email us at: rcallaway@pdins.com.