WannaCry ransomware is bringing cyber extortion to the forefront. More than 200,000 computers1 appear to have been infected by the malicious software, which exploits a known, patchable vulnerability in Microsoft Windows computers that leads to the encryption of most file types. To regain access to the files, WannaCry reportedly demands that the user pay $300 in bitcoins. If the user doesn’t pay in three days, the amount doubles to $600. After seven days, all of the encrypted files and data are lost.2
Millions of computers using Microsoft Windows operating systems are potentially still vulnerable. WannaCry is particularly dangerous because, after encrypting files, it reportedly attempts to spread to computers on the same network and to other connected computers.
So how can your insureds look to protect themselves from WannaCry? Here are a few cybersecurity tips:
- Be careful what you open: WannaCry, like many other ransomware programs, was initially distributed by e-mail. Restraint in opening attachments and links from unverified sources is a first line of defense.
- Keep your systems up to date: The WannaCry worm took advantage of a known vulnerability in Microsoft Windows, for which Microsoft distributed a patch in March 2017. Using up-to-date operating systems and implementing automatic or frequent patching can minimize risk.
- Back up your data: Maintaining offline, unconnected data or system backups can help provide a safety net if an event occurs.
- Have a plan in place: Putting a business continuity and disaster recovery plan in place can minimize stress and help reduce loss at the time of the event.
How cyber insurance can help?
If a company falls victim to a cyber extortion event like WannaCry, the costs can quickly escalate. In general, cyber insurance can help offset many of the costs a company might incur, including:
- Hiring a security firm: The fees and costs of hiring a security firm to assess an extortion threat can be significant. Cyber insurance can help offset costs to determine the validity and severity of an extortion threat.
- Ransom payments: Ransom payments and interest costs incurred on any loan required to pay a ransom demand can be substantial. Cyber insurance can enable the insured to meet a ransom demand and get back to business potentially offsetting any undue financial strain.
- Reward payments: Victims sometimes need to offer a reward to obtain information leading to the arrest and conviction of the attacker. If an external informant’s identification of the attackers leads to their arrest and conviction, cyber insurance can potentially cover the reward payment.
- Improved security: Many assailants are increasingly attacking companies multiple times. A security firm might recommend steps to help increase a company’s data security. This helps protect companies from repeat events that might otherwise occur, and some of these expenses can often be covered by insurance.
- Lost income: A ransomware attack can force a company to shut down for a period of time. Cyber insurance can often cover business income lost from downtime that resulted from the extortion event.
At ISO, we have developed a cyber insurance program that can help insurers address extortion and a wide range of other risks their policyholders face. We’re expanding our program this year with a new policy form primarily designed for small and medium-size businesses and a completely updated pricing model. To learn more, e-mail firstname.lastname@example.org.