Ransomware Insurance: Protection from Extortion Damages

Extortion is a nasty business.  It can be performed all too easily, though, if one is well-versed in the dark online arts.

Ransomware is a type of malicious software that cyber criminals use to extort money from organizations all over the world. The cyber attacker injects ransomware into a victim’s computer network, when a user opens an infected email attachment or clicks a link on an infected website.  Once on the user’s computer, the ransomware receives an encryption key from the criminal’s Command & Control (C&C) server, which it uses to encrypt files.

The encryption then blocks user access to files the organization needs. In many cases, ransomware also quickly spreads to other computers on the network, where it finds more files to encrypt. After ransomware locks the files, it posts a note that tells the victim how to pay a ransom to the attacker.

When the victim pays, the cyber criminal’s C&C server tells the ransomware to unlock the victim’s files. The victim can then resume normal operations. However, some ransomware does not decrypt files after a victim pays the ransom, leaving the victimized organization crippled.

Ransomware is becoming very popular with cyber criminals because it can attack any business in the world and is relatively simple to create and use. This was the case with WannaCry ransomware in 2017, which quickly impacted more than 200,000 computers in 150 countries.

One element of a comprehensive strategy to address data security is customized cyber risk insurance. Organizations should carefully review their existing liability policies, such as kidnap and ransom policies, and consider stand-alone cyber risk coverage.

Most cyber insurance policies are modular, which means an organization has a menu of coverages to choose, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.

The experts at The Reschini Group can help you determine the need for ransomware insurance as part of a total cyber security package.  Extortion is a nasty business, but protection can be provided to control the impact on your organization.

Copyright 2018 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.