Ransomware is big business. In 2017, ransomware resulted in $5 billion in losses, counting both ransoms paid and the money and time spent recovering from attacks.
That’s up 15 times from 2015.
Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
What is Ransomware?
Ransomware is a form of malware (computer virus) that encrypts a victim’s files. Essentially your computer and/or network systems become unusable.
The attacker then demands a ransom from the victim to restore access to the data upon payment.
When business owners agree to pay, they are given a decryption key to unlock their systems. The costs can range from a few hundred dollars to thousands (or even hundreds of thousands), payable to cybercriminals in Bitcoin.
With ransomware attacks on the rise, the role of insurance is becoming more robust.
So much so that ransomware coverage, which has traditionally been an endorsement within cyber liability policies, has been approved as a stand-alone cyber policy by some insurance carriers.
Who is a target for ransomware?
There are many reasons why cybercriminals choose the businesses they target with ransomware.
Sometimes it’s a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a wide-spread, remote user base that does a lot of file sharing, making it easier to penetrate their defenses.
Some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files.
Law firms, accounting firms, and other organizations holding sensitive data may be willing to pay, and to pay quickly, to keep news of a ransomware attack quiet and avoid the reputational hit.
How Does Ransomware Work?
There are a number of different versions of ransomware attacks.
One of the most common delivery systems is phishing spam. These attacks involve attachments that come to the victim in an email, masquerading as a file they should trust.
Once the file is downloaded and opened, the executable can take over the victim’s computer, especially if it includes social engineering tricks that persuade the user to grant it administrative access.
There are also more aggressive forms of ransomware that can exploit gaps in computer security to infect computers without needing to trick users.
What Does Ransomware Do Inside Your System?
Once ransomware has taken over your computer, the most common action is to encrypt some or all of your files.
You then cannot get access to your files without a mathematical key known only to the attacker. You are presented with an automated message explaining that your files are now inaccessible and will only be decrypted if you send an untraceable Bitcoin payment to the cybercriminal.
According to CSO Online, other forms of ransomware claim to be a law enforcement or government agency shutting down your computer due to the presence of pornography or illegal software, and demand the payment of a “fine.”
There are also attack variations, called leakware, in which the attacker threatens to publicize sensitive data on your hard drive unless a ransom is paid.
What to Look for in Ransomware Coverage
Ransomware coverage (whether included in a cyber liability policy or written as a stand-alone policy) is NOT a standardized coverage.
This means what is covered and how it is covered can vary wildly from policy to policy. The key is to look for ransomware coverage that uses broad terminology and protects against a wide range of threats.
Here are a few threats you want your ransomware policy to cover, namely an attacker’s attempt to:
- Access, sell, disclose or misuse data stored on your network, including digital assets.
- Alter, damage, or destroy software or programs.
- Introduce malicious software, including viruses and self-propagating code.
- Impair or restrict access. Look for policies with broad terms like, “threats to disrupt business operations.”
- Impersonate the insured in order to gather protected information from its clients, also known as pharming or phishing.
- Use your network to transmit malware.
- Deface or interfere with your company’s website.
Ransomware Coverage Policy Terms
Since cyber insurance isn’t standardized, choosing a plan that effectively covers ransomware can be a challenge.
Policies can vary substantially in their language and coverage options, so we recommend policies that, at a minimum, provide coverage for extortion demands and payments as well as lost income resulting from an attack.
Here are a few terms and definitions particular to a ransomware policy that you should be aware of:
- Sub-limits and deductibles—Most policies set a sub-limit for covering ransomware. It is important to review this limit carefully, considering that demands may start on the low side, but can increase quickly.
- Payment terms—Most policies require prior written consent before the insured can pay any ransom. This can result in payment delays and increased demands by the hackers. If an organization pays a ransom in order to resume business, without prior written consent by the insurer, there’s a chance that it may not be reimbursed.
- Definition of extortion—It is important for organizations to fully understand and agree with their insurance company’s definition of extortion, since the definition dictates the trigger for coverage.
Understanding the differences between standard insurance policy language and the language specific to a ransomware policy is why choosing the right insurance professional for your cyber insurance is so important.
There are many nuances that can be lost on the generalist.
Ransomware is a growing problem. This has never been more true with businesses moving to remote work in record numbers.
While some types of businesses are higher risk (45% of all ransomware attacks target healthcare organizations), no one is safe if cybercriminals view your business as an easy target.
Anti-virus software and solid risk management are not enough.
To protect the longevity and sustainability of your business you need a cyber liability policy which includes ransomware as a backstop in the event an attack happens.
At Rogue Risk, we specialize in cyber insurance, work with over 7 of the top cyber liability insurance carriers in the world and can turn a quote around in minutes.
If your current insurance professional has never addressed cyber liability insurance with you before, then I’d encourage you to reach out to us today.
I look forward to introducing you to a new way of viewing your insurance program.