On Friday, May 7, 2021, a cyber attack forced the shutdown of a major gas pipeline in the United States that supplies 45% of all fuel consumed on the East Coast.
Colonial Pipeline proactively took some systems offline to contain the threat, which temporarily halted all pipeline operations and affected some of their IT systems. In addition, the company hired an external cyber security company to investigate the nature and extent of the attack and also immediately contacted law enforcement agencies and federal agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
Eric Goldstein, from CISA, issued a statement saying they were working with the Colonial Pipeline to resolve the situation.
“This [attack] underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage all organizations to take steps to strengthen their cyber security position in order to reduce their exposure to these types of threats.
Not only does this attack mark the rise of ransomware attacks and their sophistication, but also the fact that a proper cyber response plan and insurance coverage are essential. Furthermore, stand-alone cyber policies covering ransomware are becoming more necessary than ever before.
Ransomware is a type of malware that infects a computer and either prevents it from functioning properly or prevents access to certain files until the user pays a ransom. Usually, the hackers behind the ransomware demand bitcoin ̵
Companies of all sizes have become targets for ransomware, as it can not only infect personal computers but also entire networks and
How Ransomware Can Spread
There are various ways that ransomware can be spread, including the following:
- Visit fake or unsafe websites
- Open emails or email attachments from unknown sources
- Click on suspicious links in email or on social media
What Ransomware does to your computer
There are two main types of ransomware that can hold computer systems hostage:
- Ransomware on the lock screen works by displaying a window on the computer lock screen that attempts to prevent access to the computer. The message on the lock screen may even claim that it comes from the federal government and accuses the user of violating a law and demanding a fine.
- Encryption ransomware works by keeping the computer available but encrypting certain types of files, making them unreadable. The files most often affected are those that contain sensitive information and are assumed by the hacker to be the most valuable. When people try to access the files, they see a pop-up screen instructing them to purchase a private decryption key that can decrypt the encrypted files.
How to respond
Some operating systems contain instructions for responding to locks. screen ransomware, although the results are not guaranteed. However, encryption ransomware has no quick fix but an encryption key, which only hackers usually have access to.
No matter what type of ransomware, experts recommend not paying ransom. After all, there is no guarantee that you will regain access to your computer, network or files after paying. In addition, by paying ransom, you can encourage future cybercrime.
If your business is affected by ransomware, take the following steps:
- Report the incident to your local FBI office
- Send a complaint to the Internet Crime Complaint Center
- Restore backups of files, if you have them  Check your insurance coverage to see if it covers the cost of ransom paid and lost companies
What to do if you have already paid ransom
Because companies can be stopped without access to essential information, entrepreneurs are often tempted to pay redemption to quickly regain access. If you have paid the ransom, contact your bank and call the police as soon as possible. Credit card companies may be able to block the transaction and refund you if you contact them immediately.
The Federal Trade Commission & # 39 ;s OnGuard Online website is a great resource for more tips on what to do if you are affected by ransomware or any other type of Internet fraud.
How to protect your business
Cyber blackmail from ransomware is a legitimate threat to any business – regardless of size. The best way to prevent this is to keep confidential information and important files securely backed up in a remote location that is not connected to your main network.
In addition to backing up your files, the following precautions can help keep your information safe and prevent you from becoming a victim of cyberattacks:
- Teach your employees about ransomware and the importance of preventing it
- Show your employees how one discovers suspicious emails and attachments. See for example for bad spelling or unusual symbols in e-mail addresses
- Develop a protocol for reporting incidents of ransomware and other suspected cyber activity
- Develop a schedule for regular backup of sensitive business files
- Update company software as soon as possible new updates are released. By doing so, you can correct security issues that cybercriminals depend on and avoid becoming an easy target
- Buy cyber liability insurance that not only helps you respond to threats but can also help cover the cost of redemption and any other losses as a result. of cyber blackmail
Since cyber insurance is not standardized, organizations should review the entire policy language with one of our insurance advisors before choosing a plan that effectively covers ransomware. Policies can vary considerably in terms of language and coverage options, so we recommend policies that at least provide coverage for extortion claims and payments as well as lost revenue as a result of an attack.
Organizations should also take a closer look at the following definitions, terms and conditions when choosing a policy:
- Sublimits and deductibles – Most policies set a sublimit for covering ransomware. It is important to examine this limit carefully given that the requirements may start on the low side but may increase rapidly. Since making a redemption payment can make organizations a target for subsequent redemption claims within the insurance year, the deductible amount should reflect that risk.
- Payment terms – Most insurances require prior written consent before the insured can pay any redemption. This can result in payment delays and increased demands from hackers. If an organization pays a ransom to resume business without the prior written consent of the insurer, there is a chance that it will not receive compensation. Therefore, organizations must be comfortable with the terms of a policy to avoid compromising coverage.
- Blackmail Definition – It is important for organizations to fully understand and agree with their insurance company's blackmail definition, as the definition dictates the trigger for coverage. . For example, even if hackers may intend to sell or misuse information, the redemption requirement can only mean a countdown timer and the demand for money. Although the combination of the two may appear to be an obvious threat to the insured, a carrier may deny coverage on the grounds that there was no explicit threat to sell or misuse information – all because of its unique definition of extortion.
What to look for in a policy
Companies should look for ransomware coverage that uses broad terminology and protects against a wide range of threats, including threats, to do the following:
- Access, sell, disclose or misuse data stored on your network, including digital assets
- Modify, damage or destroy software or programs
- Introduce malware, including viruses and self-propagating code
- Impair or restrict access. Look for policies with broad terms such as "threat to disrupt business"
- Imitate the insured to collect protected information from their customers, also known as pharmacies or phishing
- Use your network to transmit malicious code
- Deface or Disrupt Your Business Website
The Importance of Risk Management
Ransomware insurance is most effective when combined with a proactive risk management program, as there are many components in the fight against cybercrime. Business owners should work with one of our licensed advisors to review all applicable options before choosing cyber coverage.
Do not let ransomware – or any form of cyber exposure – threaten your business.
Contact CoverLink Insurance today to learn more about available cyber policies and effective risk management techniques to protect your organization from ransomware attacks.