Ransomware attacks have risen meteorically since the pandemic began. The first half of 2020 saw a 715 percent year-over-year spike in detected and blocked ransomware attacks, according to Bitdefender, a global cybersecurity firm. The shift to remote work by many organizations increased computer system vulnerability, creating a wave of ransomware insurance claims. During the first six months of 2020, Coalition, a provider of cyber insurance, reported a 260 percent spike in ransomware claims, which accounted for 41 percent of the company’s cyber insurance claims. The increase in activity highlights the need for organizations to protect themselves against cybercrime with software, employee training and insurance.
What is ransomware?
Ransomware is a type of malware that encrypts computer systems, devices or files, locking victims out of their own network. It is called ransomware because the cyber criminals who infect your network will then demand that a ransom be paid in order for you to regain access to your systems or data. Systems can be infiltrated when a user clicks a suspicious link in an email or on social media, or downloads a malicious file.
Ransomware campaigns can be opportunistic or strategic. In opportunistic campaigns, which are mostly automated, cybercriminals cast a wide net and attack businesses at random. Conversely, strategic ransomware campaigns target certain companies or groups of companies based on factors such as their industry, known vulnerabilities or ability to pay.
Small and medium professional service firms, such as law firms, IT managed service providers and CPA firms, were the most frequently targeted industry in Q1 2020, followed by the health care and public sectors, according to a report by Coveware, a ransomware recovery and analytics firm. Since the pandemic began, attacks on hospitals, health care providers and public sector organizations such as schools have spiked. The hasty switch to online learning last March left schools vulnerable to attack, according to Coveware.
In the health care sector, the increased reliance on telehealth has similarly provided criminals with more opportunities to strike. Last month, a Joint Cybersecurity Advisory issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Health and Human Services warned hospitals and health care providers of “credible information of an increased and imminent cybercrime threat” and advised them to take “timely and reasonable precautions” to secure and protect their networks.
Ransoms demanded can range from a couple hundred to millions of dollars. The median ransom payment in Q1 2020 was $44,021, according to Coveware. Victims are typically ordered to submit their payments via cryptocurrencies such as Bitcoin, which are virtually impossible to track. Many organizations wind up paying the ransom, which usually results in their files being unlocked, but there’s no guarantee this will happen or that the criminals will not target the company again. In addition to the ransom itself, the victim has to deal with costs associated with business interruption, network restoration, and reputational harm and mitigation.
Protect against attacks
Companies need to take a multi-faceted approach to protect themselves against ransomware attacks. This includes evaluating and fortifying firewalls and other protective software, as well as creating and maintaining backups of critical systems and files and housing them offline from the network. Creating a cyber incident response plan, training employees on cybersecurity threats and restricting users’ permission to install and run software applications can also make your organization safer.
Cyber risk insurance
Cyber risk insurance (in addition to a general liability policy) is an important element of protecting your organization from ransomware attacks. Make sure the policy includes protection for cyber extortion, which provides coverage for payments demanded by cyber criminals, and data restoration, which pays for restoration costs resulting from a security breach. When there is a claim on a cyber risk policy, the insurer makes the final call on whether to pay the ransom. If the insurance covers the loss, the insurance company will send in specialized teams to handle the recovery effort and pay for the costs of network recovery and lost income.
If you need advice concerning a claim under your cyber risk insurance and/or other commercial liability coverage policy, don’t hesitate to contact us today for a free consultation.
Evan S. Schwartz
Founder – Schwartz, Conroy & Hack, PC