Ransomware Exposure, Coverage, and the Vulnerabilities that Lead to it
Ransomware is a type of malicious software (malware) that prevents users from accessing systems or critical data.
Any company with cash is a target for cyber extortion.
The objective behind this malware is to carry out a cyber extortion scheme. As the name suggests, the attacker, after penetrating and compromising the systems, makes a demand for payment. If the demand is not paid in the specified time frame, the attacker threatens to escalate the extent of the damage. The demand is typically in untraceable cryptocurrency. The attacker also promises to unlock the network or data in exchange for the payment.
The Growing Threat of Ransomware
NetDiligence’s 2020 Spotlight Report on Ransomware concludes that the frequency and cost of ransomware claims have increased in the last 5 years. The study reports that ransomware affects every industry; however, healthcare and professional service firms have been hit more frequently.
Why the increase in frequency? The same report explains that for criminals, this is an easier way to make a penny. Rather than stealing data and then selling it on the dark web, criminals have turned to ransomware. Penetrate the systems, lock them, collect the payment; the business model seems to work for the attacker.
Cyber extortion may not be going away for a while, so it’s important to learn about it. In this article, we’re going to review:
- What cyber extortion is
- How vulnerabilities can lead to cyber extortion threats
- The impacts it can have on a business
- Extortion coverage on a cyber policy
Attackers typically execute cyber extortions using ransomware or a denial of service attack. Cyber extortion occurs when a hacker holds hostage data, computer systems, applications, or websites.
By keeping the systems or data hostage, the hacker has leverage, calculating every move to get a payment. The victim is strapped and unable to carry on with its operations and possibly at risk of having confidential information exposed. Every ransom attack is different, and the organization may not have another option but to pay the ransom demand. Hopefully, the hacker keeps his word to unlock the systems.
Cyber extortion is a top concern among cyber insurance experts due to its frequency and severity.
Common threats are to:
- damage or destroy data
- block access to computer systems or applications
- publicly disclose data
- introduce malicious code
- slow down or interrupt computer systems
Cyber extortion demands
The threat or ransom demand can also escalate if the victim doesn’t pay the ransom demand within a particular time limit. The time limits create added stress for the business while deciding what steps to take during an attack.
There are indications that hackers research their victims before executing an attack. Demands can match the amount that the company holds in cash or their cyber insurance limits. This information may appear in public filings and be accessible to anyone, or in the case of private companies, it could mean the hacker has accessed emails.
Targets of ransomware
Any company with cash is a target. The low hanging fruit is a company with network security vulnerabilities that attackers may easily exploit.
Vulnerabilities that expose a business to cyber extortion:
- End-of-Life: running computer systems, applications, or software that is no longer supported or patched. EOL is a target for hackers.
- Missing patches: the vendor updates the product through patches. Attacks may happen between the time when the attacker discovers the vulnerability and the time when the vendor releases the patch.
- Weak passwords: Passwords using proper names, words in the dictionary, or words based on the user or common variations can expose a business to ransomware attacks. Hackers can guess at the password or create a program to attempt possible word and number combinations.
- Untrained Employees: Lack of proper employee training can lead to negligent operation of computer systems, which may increase the exposure to ransomware attacks.
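As an added illustration (not part of the original article), the sketch below screens a proposed password against the weak patterns listed above: dictionary words, proper names, words based on the user, and common variations of any of these. The word lists, function names and sample passwords are constructed for the example; a real deployment would load full dictionary, names and breached-password lists.

```python
import re

# Constructed sample lists standing in for full word and name lists.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey"}
PROPER_NAMES = {"michael", "jessica", "london", "chicago"}

# Look-alike substitutions commonly used to disguise a plain word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def base_forms(password):
    """Return the candidate base words hidden behind common variations."""
    lowered = password.lower()
    # Drop digits and punctuation padded onto either end ("Summer2020!").
    stripped = PADDING.sub("", lowered)
    forms = {lowered, stripped}
    # Undo look-alike substitutions ("P@ssw0rd" -> "password").
    forms |= {f.translate(LEET) for f in list(forms)}
    return {f for f in forms if f}


def weakness_reasons(password, user_words=()):
    """List why a password is weak; an empty list means no pattern matched."""
    forms = base_forms(password)
    personal = [w.lower() for w in user_words if len(w) >= 3]
    reasons = []
    if forms & DICTIONARY:
        reasons.append("dictionary word")
    if forms & PROPER_NAMES:
        reasons.append("proper name")
    if any(w in f for w in personal for f in forms):
        reasons.append("based on the user")
    # The raw password was not in a list, but a derived form was.
    known = DICTIONARY | PROPER_NAMES | set(personal)
    if reasons and password.lower() not in known:
        reasons.append("common variation")
    return reasons


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "jessica", "Acme#2024", "vT9#qLw2&xRf"):
        print(pw, "->", weakness_reasons(pw, user_words=["acme", "mgarcia"]))
```

A check like this belongs at password-set time, next to a minimum length rule and multi-factor authentication, since it only catches the patterns it has lists for.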
Impacts of ransomware
If handled appropriately, a ransomware attack may cripple an organization only temporarily. If handled inappropriately, the organization may not survive the attack at all.
Some of the costs associated with dealing with a ransomware attack include:
- System Rebuild
- Loss of Brand Reputation
- Recreation of Data
- Slowdown and lost productivity or revenue
- Payment of the ransom demand
- Cost of hiring IT Forensics
- Cost of hiring a PR firm if having to notify customers about the slowdown
How Cyber Insurance policies respond to ransomware
Coverage for ransomware attacks varies significantly between insurance providers. Some policies do not include ransomware coverage at all.
You may find the coverage labeled as Network Extortion Threat, Cyber Extortion Threat, or similar terminology. The insuring agreement lays out the specific threats that must be made for the event to be covered. Each policy may define an extortion threat differently. Read the definitions carefully.
Check out this article to get a sense of the coverage questions you should be asking when it comes to ransomware.
It’s also essential to examine the cyber policy to understand the support services the insurance company provides. Similar to a Kidnap and Ransom demand insurance policy, the coverage and insured support in a hostage situation go well beyond paying the extortion demand.
When faced with a Ransomware Attack, you may need to:
- Hire a Lawyer. Also called a breach coach, the privacy lawyer determines the proper steps to take when faced with a privacy threat or network security threat.
- Hire IT Forensics. This service can determine the extent of the breach and what weakness caused it. You can think of IT forensics as a crime scene investigator.
- Hire Data Recovery Experts. These experts determine if data may be recovered from backups without having to pay the ransom demand.
In a cyber policy, the insurer typically reserves the right to dictate if the ransom demand should be paid after the experts have analyzed all viable options. It is also essential to understand if the cyber policy will pay in cryptocurrency, or if the insurer will reimburse the insured rather than pay the ransom.
Importance of Knowing the Cyber Breach Response Team
Before buying insurance, inquire about the reputation and expertise of the cyber breach response team that the insurer provides. Regardless of whether the ransom demand is paid or not, if confidential information is disclosed, the organization may be at risk of a lawsuit.
A proper response requires a team of experts to evaluate the situation and determine the best course of action.
The bottom line when it comes to ransomware is that there is no easy way out. One way to deal with an extortion attack is to engage experts immediately. A breach response team is why cyber insurance policies are so much more valuable than just the dollars they pay. The way the event is handled may decide the future of the business. Awareness of, and preparedness for, the threat of cyber extortion can also be crucial in surviving an attack.