Ransomware – Payment is only the first cost

By Patrick Olohan

Ransomware – Payment is only the first cost

So far this year, ransomware attacks have topped the list of cyber-incidents plaguing organizations. In these attacks, hackers break into systems and encrypt all data, effectively preventing access without a special code key. Getting that key, and your data back, is where the ransom comes in.

Think your organization is not large or prominent enough to be a target? Read the stories a bit more closely.

So far in 2018, the crippling attack on the City of Atlanta has become the most high-profile reminder that no organization is safe from these attacks. By most reports, Atlanta is still recovering from the March event. While costs incurred are estimated to be north of $2.5 million, the requested ransom was only about $50,000 worth of bitcoin.

Clients will occasionally question the value of a cyber policy, especially when ransomware extortion amounts are typically only $25,000-$50,000 and most policies have a self-insured deductible of $50,000.

The answer is two-fold. First and most importantly, payment is only the first cost of a ransomware attack – even if you get the key and your data back. Secondly, much of the value of a properly structured cyber policy is found in the immediate access it provides to experienced vendors, at preferred rates, to help investigate the incident and get your company back up and running.

Think about this hypothetical incident. An employee at ABC Corp unknowingly clicks on a malicious link resulting in all data on the network being quickly encrypted and inaccessible. Even worse, the data has not been backed up in a month; putting a month’s worth of critical data at risk of loss and bringing operations to a potential standstill. The attackers are seeking $50,000 worth of bitcoin.

Fortunately, ABC Corp has a proper cyber policy in place which includes provision for cyber extortion.  After a quick discussion with their broker, and consultation with their insurer, ABC Corp is able to begin actively working with appropriate specialty vendors to secure and deliver bitcoin payment. Upon payment, ABC Corp is given the key to regain access to their data.

Having already engaged their insurer about the incident,  ABC Corp is prepared to deploy a leading forensic investigation team to determine the root cause and scope of damage caused by the ransomware event. This investigation reveals that a week’s worth of data on one server was corrupted and will need to be restored. ABC Corp’s cyber policy was structured to include coverage that absorbed the cost of having a third party restore this corrupted data.

All totaled, ABC Corp ultimately spends in excess of $200,000, plus the cost of a business interruption loss, due to the system disruptions.  

Without the ability to quickly connect with the appropriate experts, the fallout from ransomware events can easily escalate to the $2.5M-plus scenario faced by the City of Atlanta. Peace of mind in a moment of crisis comes from knowing you have the appropriate tools to manage the situation, cover your costs and come out whole.