18 May 2017 • 3 min read

The aftermath of a ransomware attack

The first reports of the attack came from the UK National Health Service (NHS), where hospitals and doctors were forced to turn away patients and cancel appointments. Reports then quickly spread to railway ticketing systems in Germany, telecoms giant Telefonica in Spain, FedEx and Renault who had to shut down...

iTOO

iTOO

The aftermath of a ransomware attack

While the ransom demand is not exorbitant – $300 in bitcoins it’s the consequential damages that should have companies concerned. Lost earnings due to business interruption, increased cost of working including for IT specialists to recover operations, forensics to determine potential additional compromises as well as crisis communications and PR to minimise reputation impact, this is where the real costs and damages lie. Costs and damages which accumulate at an alarming rate. A key item highlighted by the attack is the reliance we have on systems and data and the impact that a disruption in access to these systems can have on all aspects of our lives.

Many South African companies believe they are too small to be targeted by a hacker. But the hacker in this instance doesn’t select the victim; it’s all automated and completely random.

To make matters worse, ransomware has the ability get into almost any environment with relative ease, and not just through email attachments. These days you can pick up ransomware simply by plugging in a USB device or browsing the internet, among other things.

Can attacks be avoided?

Are there things we can do to reduce the risk of a ransomware attack? Sure. In fact, the latest attack could have been avoided quite easily. Microsoft released a patch to address this vulnerability in March 2017. Unfortunately many companies did not apply the patch that would have hampered the spread of the ransomware.

In addition reports are that the WannaCry originally spread via email. If this is the case training, awareness and vigilance with regards to email security could have gone a long way to prevent this as well as many other ransomware attacks.

Can cyber insurance help?

Hackers and cyber criminals are becoming more and more sophisticated and businesses would be well advised to ensure they have insurance in place to cover any losses they may incur as a result of an attack on their digital assets.

When assisting your clients to put cyber insurance in place, make sure the following points are covered:

  • Costs for security and forensic specialists to determine if your data can be recovered without paying the ransom.
  • If recovery is not possible and there aren’t adequate backups, the policy should go as far as covering the actual ransom demand. These demands can be well over R1 million.
  • Insurance should also cover costs of determining how the ransomware got into the environment in the first place, and how to prevent it from happening again. There is also a chance that the ransomware is just a smokescreen for something far more insidious, which a forensic audit will detect.
  • The policy should extend to cover loss of earnings and increased cost of working as a result of an attack.
  • There should also be the option of cover for public relations and crisis communication to contain reputational damage.
  • In addition, there may be a need to cover defence and settlement of third-party liability claims.

ITOO Special Risks offers a comprehensive cyber policy that covers all of these bases, and more!

We work closely with you and your clients to establish bespoke risk management practices and relevant cover to ensure peace of mind before, during and after any potential cyber attack.

Cyber crime is here to stay, and everyone is vulnerable!

More disruptions feared from global cyberattack

For more information contact Ryan van der Coolwijk | +27 83 7944332 | ryanv@itoo.co.za