Introduction to Ransomware Protection Insurance
Overview
Organisations are dealing with an increasing amount of ransomware-based cyber extortion. Since the epidemic started in 2020, both the number of incidents and the average amount of ransom demanded have increased significantly. Small firms have been the most severely affected, with an average of $1.8 million in claims severity and a 71% spike in ransomware frequency in 2021*.
Preventing ransomware is now more crucial than ever. Organisations need more than just traditional defences like firewalls and virus scans to be completely secure. The sophistication of attacks, the remote nature of workforces, and the increasing outsourcing of operations, coupled with reliance on supply chains and third-party vendors, have all increased the vulnerability of organisations to ransomware attacks.
What is Ransomware?
Ransomware is a type of malware attack that encrypts the files on a computer or network and keeps them locked unless a ransom is paid. Ransoms can range from thousands of dollars to millions. Once struck by a ransomware attack, organizations have few options other than:
1. Pay the ransom and decrypt the files,
2. Restore the computers from backups, or
3. Recreate the data from scratch.
Why does a ransomware attack matter?
A profitable industry of its own has emerged from the cyber epidemic known as ransomware. Hackers now target companies instead of individuals, since companies are better able to afford the higher ransom demands. With an average of over $760,000 per victim, the ransomware gang Conti generated $180 million in 2021 from extortion payments.
Even worse, there is no assurance that a victim’s files will be decrypted and restored even after paying the ransom. Occasionally, victims find out that a large portion of the original data is missing, or they never receive the keys. According to a poll conducted in 2021 by the international cybersecurity company Sophos, only roughly 8% of ransomware victims who paid the ransom were able to get all of their encrypted data back after the attack.
To maximise the chance of receiving a ransom payment, contemporary ransomware is designed to propagate throughout a network and infect as many computers as it can, leaving an entire organisation unable to operate. Attacks are becoming more frequent and larger, so companies can no longer dismiss them as solely the domain of IT or security departments.
How does a ransomware infection occur?
Ransomware is a type of cybercrime that reaches victims through a number of methods, usually via phishing emails, Remote Desktop Protocol (RDP) infiltration, or software flaws.
1. Remote Desktop Protocol
RDP software makes it possible for anyone working outside the company, including IT staff members and remote workers, to access the internal network remotely. But this can also provide hackers with an opening, particularly if staff members connect using weak or commonly used passwords.
2. Phishing emails
Phishing is the practice of cybercriminals creating and distributing emails that appear authentic, typically pretending to be a business or colleague you know and trust, but that actually contain links or files carrying dangerous code, such as a Trojan. The code can be embedded in common Office documents, such as resume submissions. When an unsuspecting user clicks the link or attachment, the malware encrypts user files, renames them with unfamiliar file extensions, and leaves a ransom note.
3. Externally facing applications
Criminals can also search the internet for companies that run exposed, vulnerable applications, such as web servers, firewalls, VPNs, and more.
4. Drive-by downloads
Certain threat actors set up their own websites using deceptive techniques such as typo-squatting, which involves impersonating a trustworthy website, or even break into a legitimate website and insert malicious code that releases ransomware when a visitor clicks on a link.
5. Software vulnerabilities
Certain businesses or organisations use outdated software that is no longer supported or is free. These apps frequently include known vulnerabilities that, if unpatched, could give threat actors access to the company’s computer networks and enable them to carry out a cyber-extortion plan. Major criminal organisations provide Ransomware-as-a-Service (RaaS), which is the practice of renting out malicious source code or variants to independent threat actors, increasing the frequency of threats. Because of this, small firms are now even more vulnerable to ransomware, as the low entry cost lets less experienced attackers target anyone. Phishing emails and vulnerability-based attacks are two ways that ransomware can infiltrate a system, encrypt data, and demand a ransom.
What are some instances of ransomware?
At the moment, professional services, financial services, healthcare and public health organisations, and information technology are the industries most frequently hit by ransomware attacks. Ransomware attacks in the recent past have affected thousands of organisations and made headlines. Here are a handful of the more notable examples:
1. Kia Motors America
Its operations were suspended due to an IT disruption brought on by a ransomware attack. Extortionists first requested $50 but eventually settled for $20 million after leaking some private information as a demonstration.
2. JBS
The biggest meat processor in the world paid an $11 million ransom and justified the payment by saying it would stop additional food supply problems.
3. Police Department of Washington, D.C.
The cybercriminals sought $4 million. After their extortion demand was rejected, the gang made public thousands of confidential records, including intelligence reports and police officer disciplinary files.
4. Numerous healthcare organizations
According to a report from 2021, cybercriminals are causing interruptions to care and EHR outages by targeting small clinics in addition to major hospitals. Even worse, 4% of respondents in the healthcare sector stated that a ransomware attack on their facility increased patient mortality rates.
Does insurance cover ransomware?
Because ransomware has become such a widespread threat to all businesses, coverage against it is one of the most crucial aspects of cyber insurance. Since the insurance industry understands the significance of this cyber risk, the majority of cyber insurance policies cover ransomware, including the amount of the ransom demand, along with digital forensics, expenses associated with recovering and restoring stolen assets, and even lost income from business disruption. Cyber coverage may or may not include legal costs and expenses to help the policyholder navigate the many legal and regulatory ramifications, including notification requirements and associated cyber liability. Our team of legal professionals works closely with Coalition policyholders who are affected by ransomware to identify appropriate breach response suppliers and work towards resolving a cyber incident. Our experts may even participate in phone calls.
Insurance firms and most clients want to avoid paying ransoms. The FBI in fact advises against paying a ransom, because doing so funds and incentivizes criminal actors to attack more organisations and spread ransomware. In situations where assets can be recovered without paying the ransom, the insurance coverage may compensate for both the expense of recovering data from backups and extra damages for lost profits.
Sometimes assets cannot be restored, particularly if backups were not current or available. In this instance, the policyholder and the cyber insurer will collaborate to decide whether to pay the ransom and what constitutes coverage. Another benefit of ransomware insurance is that breach response specialists and negotiators are frequently able to lower ransom requests. It is imperative that businesses make use of the professional resources that come with insurance, as the average initial ransom demand in 2021 is expected to be $1.8M.
Businesses examining the cyber insurance industry have a wide range of options to choose from. Before acquiring a cyber insurance policy, organisations should carefully review and compare coverage terms, sub-limits, clauses, and any potential exclusions that may limit coverage in the case of a ransomware or extortion attack.