Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ransomware Insurance Is Coming (onthewire.io)

Posted by BeauHD on from the times-are-changing dept.

Trailrunner7 quotes a report from On the Wire: As bad as the ransomware problem is right now -- and it's plenty bad -- we're likely only at the beginning of what could become a crisis, experts say. "Lots of people are being infected and lots of people are paying. The bottom line its it's getting worse and it's going to continue to do so," Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday. "Seven-figure ransoms have already been paid. When you're out of business, you'll pay whatever you have to in order to stay in business. You're dealing with an active, sentient adversary." The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won't be long before the insurance companies latch onto the ransomware game, too. "The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware," he said. According to The FindLaw Corporate Counsel Blog, "Ransomware attacks fall under your cyber insurance policy's 'cyber extortion' coverage and can generally be considered "first-party" or "third-party" coverage, according to Christine Marciano, president of Cyber Data Risk Managers. Third-party coverage would likely leave a company uninsured when they are the victims of a ransomware attack. Even if your insurance policy covers ransomware attacks made against your company, the deductible may be so high that the company will be stuck paying any ransomware demands out of pocket (should the company decide to pay to decrypt its data). And your coverage may be sub-limited to relatively small amounts, according Kevin Kalinich, the global cyber risk practice leader for Aon Risk Solutions. A $10 million policy may only provide $500,000 for cyber extortion claims, he explains."

56 of 86 comments (clear)

  1. Fool-proof insurance policy by WaffleMonster · · Score: 4, Informative

    BACKUP YOUR SHIT

    1. Re:Fool-proof insurance policy by Xenographic · · Score: 2

      You'd think that good backups would be better insurance, but far too many firms simply don't have good backups. Or worse, they think they have backups and they've never really tested the restore process and wait for an emergency to find out it doesn't actually work...

    2. Re:Fool-proof insurance policy by PolygamousRanchKid+ · · Score: 2

      "Nothing can be made fool-proof, because fools are so ingenious."

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    3. Re:Fool-proof insurance policy by Anonymous Coward · · Score: 1

      If those backups are accessible on same network and no copies offsite, the ransomware will eat those up too

    4. Re: Fool-proof insurance policy by dougdonovan · · Score: 1

      laughing with you ...

    5. Re:Fool-proof insurance policy by networkBoy · · Score: 2

      Or the backups are good and tested, but are on-line disk backups and also get encrypted...

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    6. Re:Fool-proof insurance policy by taustin · · Score: 3, Insightful

      In my professional opinion, that would not qualify as a good backup.

    7. Re:Fool-proof insurance policy by Tablizer · · Score: 1

      BACKUP YOUR SHIT

      And

      1. Test backups regularly
      2. Put the most recent copy in at least two geographically diverse locations (as insurance against regional disasters).
      3. Store the archive versions in at least two different locations, perhaps rotating the target if there's not enough space.
      4. If it's encrypted (probably a good idea), also make sure the encryption key is stored in multiple spots.

      Example schedule with 3 locations:

      LOCATION 1:
      - Last night's
      - 1 week ago
      - 4 weeks ago
      - 7 weeks ago
      - 10 weeks ago
      - etc...

      LOCATION 2:
      - Last night's
      - 2 weeks ago
      - 5 weeks ago
      - 8 weeks ago
      - 11 weeks ago
      - etc...

      LOCATION 3:
      - Last night's
      - 3 weeks ago
      - 6 weeks ago
      - 9 weeks ago
      - 12 weeks ago
      - etc...

      Archives older than roughly 3 months perhaps should be staggered monthly, and then yearly after about 2 or 3 years if the space is expensive.

      --
      Table-ized A.I.
    8. Re:Fool-proof insurance policy by FatdogHaiku · · Score: 2

      My take on that is:
      "Nothing can be made fool-proof, because fools are so ubiquitous."

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    9. Re:Fool-proof insurance policy by bartle · · Score: 1

      BACKUP YOUR SHIT

      It is worth considering that for a large company, perhaps with several thousand workstations, it may be more cost efficient to pay the ransom and get their systems back online within a day rather than overworking their IT staff in the hopes of getting their machines back after a week. Even if the company has full data backups, they may not have the staffing required to wipe and reinstall every computer in a reasonable amount of time.

    10. Re:Fool-proof insurance policy by Mashiki · · Score: 1

      That's a good plan, unfortunately in many cases getting companies or even government to pay for it is next to impossible. I know of local and parts of provincial governments here in Canada that use 7-day round-robin backups, and there is no off-site backups at all. And it's because they believe it's a "waste of money" and any type of loss of the data is impossible.

      --
      Om, nomnomnom...
    11. Re:Fool-proof insurance policy by KiloByte · · Score: 1

      Even if the company has full data backups, they may not have the staffing required to wipe and reinstall every computer in a reasonable amount of time.

      How hard is it to plop in boot media and run a script? You have all the rest automated, so all it takes is a few lines of shell, right?

      Even special snowflake machines should back up to the common place, so they're not that different.

      And if you're instead using some commercial "solution", well, then you're already used to pay the inadequacy tax.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    12. Re:Fool-proof insurance policy by freeze128 · · Score: 1

      Why is that situation even a thing? I know it happens, I have seen it happen. My question is: Why are backups so finicky? I would think that if you copy a bit to another type of media, it would ACTUALLY BE THERE so it could be restored. Why do backup manufacturers allow this to happen?

    13. Re:Fool-proof insurance policy by lbates_35476 · · Score: 1

      You are correct that regular CIFS shares (external USB/eSATA hard drives, shares that are accessed with user level security) don't work against the REALLY ugly versions of ramsom ware. My company (shadowsafe.com) found out years ago that this can be solved by placing your backups on a device that isn't accessed by any regular users and only by the application taking and maintaining the backups. You, of course, also need offsite copies of things, but that protects against a different set of events.

    14. Re:Fool-proof insurance policy by allo · · Score: 1

      When you decide to get an insurance, you can decide to get a backup. the problem firms are those, who don't think about the problem at all.

  2. Security crash course by Anonymous Coward · · Score: 1

    As long as the insurance companies put in a mandatory security training course to qualify for this, I'm okay with it. Why do people still open unknown executables in emails?

    1. Re:Security crash course by fisted · · Score: 1

      because wtf is an "executable", fuck off with your computer shit.

      --
      CLI paste? paste.pr0.tips!
    2. Re: Security crash course by dougdonovan · · Score: 1

      fisted, turn your computer off. go back to the ink pen and paper.

    3. Re: Security crash course by fisted · · Score: 1

      whoosh.

      --
      CLI paste? paste.pr0.tips!
  3. Not a bad idea at all by Anonymous Coward · · Score: 1

    Insurance companies are experts in mitigating and evaluating risk - It's literally their job.

    In order to get insurance, insurance providers will require their customers to educate their staff and ensure they have a minimum baseline of security.

    The very basic, most bare of security practices reduce ransomware's impact to an annoyance. Separation of privileges, backup, software updates, email attachment filtering - You know stuff you should be doing already.

    1. Re:Not a bad idea at all by Falos · · Score: 1

      >ensure they have a minimum baseline of security.
      NO, that's victim blaming, people can do jack all, or even worse than nothing, and should still be morally indemnified. And financially. Because they have zero culpability.

  4. Do payments work? by DidgetMaster · · Score: 1

    What guarantees does anyone paying a ransom get that they will be able to unlock their data? If you are dealing with ransomware, you are dealing with crooks who don't have any morals whatsoever. Once they get payment, why wouldn't they just let you twist in the wind? Many kidnappings are the same. You pay the ransom and you still get a dead or missing relative.

    1. Re:Do payments work? by fisted · · Score: 4, Insightful

      If word gets out that paying doesn't help, then people will stop paying.
      These are trustworthy criminals that have a reputation to lose.

      --
      CLI paste? paste.pr0.tips!
    2. Re:Do payments work? by Anonymous Coward · · Score: 3, Insightful

      What guarantees does anyone paying a ransom get that they will be able to unlock their data?

      None. But ransomeware is generally not a one-off thing, the people who make and distribute it are career criminals. It's in their best interest to restore your data. If a particular brand of ransomware builds a reputation for being dishonest, then nobody's going to pay the unlock fee.

    3. Re:Do payments work? by Solandri · · Score: 1

      The problem isn't the integrity of the ransomware author. The problem is that long after the author has moved on to other things (or been arrested, or assassinated), the ransomware virus is still out there, still spreading, still infecting new systems, and still scrambling data.

      It's like royalties from little-known songs that someone wrote a decade ago. If some trickle in, it's "oh that's nice" money. There's no incentive for the songwriter to maintain or improve that old product. It doesn't encourage him to write new songs or release a newly edited version of the old song.

      If you're lucky the server for that particular ransomware virus was shut down by the authorities or white hat hackers, and you can get a master key to decrypt your stuff. If you're unlucky, your data is as good as deleted. Paying money into an anonymous bitcoin account won't get you anything.

    4. Re:Do payments work? by cyberchondriac · · Score: 1

      I think insurance companies for this kind of thing are just a colossally bad idea. Now it positively screams "lucrative!" to the ransomers, as victims will be far more willing to "pay" since it's covered by insurance. The amount of ransom demanded will increase as well.

      Instead they should be concerning themselves with better security, training, and backups. That wouldn't have to cost any more than the insurance premium.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  5. Re:Ransomware Insurance Is Coming... by Mr+D+from+63 · · Score: 2

    And then next step is ransomware insurance fraud.

  6. Re:Ransomware Insurance Is Coming... by djrogers · · Score: 1

    And unlike so many other forms of insurance fraud, this would be easy to do, near-impossible to prove, and without the nasty long-term repercussions that things like arson come with...

    --
    Think outside the... Hey, where'd the friggin' box go?
  7. It will probably be successful by Jfetjunky · · Score: 1

    I know the best insurance is having competent IT pros that can make ransomware no more than a minor inconvenience, but I suspect there are many small/medium businesses that would find this a cheaper alternative than staffing such a department.

    1. Re:It will probably be successful by wbr1 · · Score: 1

      Fuck that. Find a good, reputable MSP. Hate to sound like an infomercial,but my small MSP firm serves small biz. For less than 70 USD per PC per month you get encrypted cloud backups with, if desired, local mirror, world class AB, web filtering, event monitoring, free virus removal, etc. All at a set fucking cost. It's a no brainier.

      --
      Silence is a state of mime.
  8. Think Big by avandesande · · Score: 1

    Idiot insurance

    --
    love is just extroverted narcissism
  9. Re: Don't run Windows. by jcr · · Score: 2

    had an admin go rogue

    If you know who the perp is, there's all kinds of options available.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  10. What could possibly go wrong by Dunbal · · Score: 3, Insightful

    1. Back up your data

    2. Install the ransomware yourself on the computers.

    3. Cash in on insurance policy

    4. Reinstall data from backups.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:What could possibly go wrong by wbr1 · · Score: 3, Insightful

      You can bet the insurance company will have digital forensics engineers on hand for any large payout. Local it will be in support, not supervisory roles.

      --
      Silence is a state of mime.
    2. Re:What could possibly go wrong by KiloByte · · Score: 2

      But how will those "digital forensics engineers" tell an idiot user clicking on an attachment from this being done intentionally by someone with enough brains to log in as the former?

      I guess the insurance company will just randomly deny payments with a bullshit excuse, like they usually do.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:What could possibly go wrong by AmiMoJo · · Score: 1

      Exactly, many companies get several ransomware viruses by email a day. All one needs to do for insurance fraud is to "accidentally" open one.

      Chances are the policy requires you to take reasonable steps to protect yourself, similar to how you need to lock your doors and windows for house insurance to cover loss due to theft. So you might have to pick the worst AV going, just to make sure.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  11. Interesting idea but ultimately harmful by Billy+the+Mountain · · Score: 1

    The problem with this is, while it may help out a clueless company in the short term, the incentive for the insurance company is to pay the ransom, because it rewards the evil-doers, which, in turn creates more need for the insurance.

    --
    That was the turning point of my life--I went from negative zero to positive zero.
  12. Large businesses too by rsilvergun · · Score: 2

    Nobody likes paying for IT. Outside of nerds (the neckbeard kind, not the modern "nerd") people hate computers. They hate how they make them feel weak and dumb. They hate that they can't seen them working because so much goes on behind the scenes. And above all they hate that they put power in the hands of the sorta twerps they used to see bully (or bully themselves) in grade school.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  13. Re: Ransomware Insurance Is Coming... by dougdonovan · · Score: 1

    check the deep web for the app...

  14. Insurance will make the problem worse by aklinux · · Score: 2

    You're guaranteeing the bad guys a paycheck.

  15. Abort by jon3k · · Score: 2

    Have a friend who works for a mid-sized insurance firm that provides Cyber Insurance, it's actually exclusively what he does now. So what they do is get you to agree that you'll take all these preventative measures to avoid it (ie making backups) and when you get ransomwared they find some particular provision you violated to not pay your claim. Like any insurance of course.

  16. insurance company requires backups by raymorris · · Score: 4, Interesting

    > the incentive for the insurance company is to pay the ransom

    What insurance companies actually do is set conditions that *reduce* risk for their customers, so They don't have to pay anyone. They also create organizations such as Underwriters Laboratories and the National Fire Protection Association (who write the fire code).

    In this case, the insurance company will require that in order to get converage, you'll need to have *proper* backups, with a checklist of requirements for *proper* backup. Then they never have to pay out, and collect (small) premiums basically in exchange for forcing companies to test their backups quarterly.

  17. Re:Ransomware Insurance Is Coming... by Tablizer · · Score: 1

    ...probably from the same people writing the ransomware.

    I once worked for a company specializing in environmental cleanup. They were eventually bought out by a polluting civil engineering firm. They were essentially paid by the gov't to clean up their own messes.

    (Granted, the rules were lax in their earlier years such that it this financial recursion probably wasn't planned; just a lucky accident.)

    --
    Table-ized A.I.
  18. Re: Don't run Windows. by mmell · · Score: 1
    Yeah - but there have been reported incidents on the evening news where the rogue admin/engineer/architect has been so confident that he would prevail that "grey bar" cryptography has been ineffective. Now lead pipe cryptography, on the other hand, . . .

    Besides, the threat of legal action makes getting your hostage data "freed" a waiting game. Who loses more in such a waiting game - the rogue programmer, possibly confined in a very boring place with a bunch of smelly people and bad food, or the enterprise paying rent, utilities and people to not do business as usual?

  19. I can hear it now.... by Ol+Olsoc · · Score: 1

    Some pretty important data you have there. It would be a pity if something were to happen to it. You can't be too careful these days. By the way, how are the wife and kids doing.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  20. Food for thought by TheOuterLinux · · Score: 1

    Use Linux and use separate partitions as follows: /boot ext2 / ext4 Swap /home ext 4 encrypted Then, install Clamav and Lynis to check for viruses (more like passing on prevention for Window$ than for actual Linux) and rootkits. And if you find anything, you can reinstall Linux and leave the /home partition alone in most cases so you don't lose anything. Keep a list of installed packages and just drag and drop after apt-get install, yum, or zypper in the terminal. There have been actual cases when people try to get access to computers by lying about detecting malware on their computer over the phone. The user says he uses Linux and not Windows. They hang up immediately. I wouldn't pass these "insurance" companies to be any different.

  21. Re:Best protection vs. ransomware? by mmell · · Score: 1
    I don't think your software alone is the whole solution, and I'm not sure how it can prevent a ransomware attack against an enterprise target. I can certainly see how (in concert with VPN access and judicious use of TOR for certain activities) it could be part of an overall solution for several of the privacy and security concerns facing desktop users nowadays.

    While I mislike running such software in what I still think of as kernelspace (ring-0, I think?), I recognize why this has to run there under Windows, unless you like answering UAC requests all day. I'm going to give it a shot - this time, on physical hardware in daily use instead of sandboxed in a carefully managed VM (having already confirmed in the VM that it doesn't do anything schiesty). I have no intention of endangering my system (for example, by intentionally permitting a ransomware attack on my machine). Since I've never fallen prey to any exploits I'm aware of, I doubt that I'll have anything to report on that score.

    If it lives up to all you've claimed for it by itself, I'll be shocked. If it lives up to expectations, I'll be content. Suffice it to say I'll relate my experience with it here. I've seen what I consider a distinct improvement in your online comportment of late - let me go ahead and give your host lookup tool a shake. You'll hear back from me.

  22. Re:Best protection vs. ransomware? by mmell · · Score: 1
    You still really ought to consider only posting once; we all saw you the first time.

    Testing . . .

  23. Insurance companies will have that on their checkl by raymorris · · Score: 1

    I'm fairly certain insurance companies will require protection against that before they issue a policy.

    I've been hoping we could get something like Underwriters Laboratories (UL) or the National Fire Protection Association (who authors the fire code) for security, and someone to get companies to follow the standards. Insurance companies created UL and NFPA and require corporate clients to mitigate risks that could result in a payout. I have hope they will be a very good thing for security. Insurance companies evaluate and manage risk for a living, and they are good at it.

  24. Re:I never said it IS the "whole solution" by mmell · · Score: 1
    Your advertising, however, does imply as much (although, yes: I understand what hostfiles can do and what they can't). So far (what, maybe an hour now?) it's done what I would want. So far, no downside. Page load times are predictably much better (then again, I'm not on my network, not using my DNS. Using XFinity's default DNS on someone else's network).

    Seems to be installed and running correctly. Not quite intuitive, I wouldn't recommend it for most end-users. Your explanation of how to install is clear enough but I think you're overestimating the average users' intelligence. That's okay, as anybody who can't figure it out probably wouldn't know how to apply any other security enhancements anyway.

    Next test - VPN. I've occasionally had some DNS issues, especially when TOR'ing over a VPN in Windows. NP from my Linux desktop, but as I may have mentioned I gave it up last year, when I bought an Asus Chi-T300. Just plain too much easier to use Win10 then to get Fedora up and running right.

  25. I would sell this insurance ... by cowtamer · · Score: 1

    ... only after having the company agree to a regular audit of its backup systems, and ensuring automated redundant backups of crucial data...

  26. You have got such a nice computer there... by ruir · · Score: 1

    Now if something would happen to it...;) I have already insurance against malware, got a Mac, a GhostBSD and a Linux at home, and at work all my servers are Linux and FreeBSD, thank you.

  27. And keep the keys by DrYak · · Score: 1

    (and keep the cryptographic keys, just in case backups fail)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  28. It's not coming, been here for years by acoustix · · Score: 1

    This isn't a new thing. It's been around for a while.

    And it's not just about paying the ransom. The ransom is usually a very small amount of money in the whole scheme of things. It's about being able to conduct business like paying your vendors and employees while your system is down.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  29. How does insurance work? by jbmartin6 · · Score: 1

    I think you can expect that the insurance carrier will require certain measures to be in place, especially reliable and tested backups. They aren't going to insure you against ransomware per se, they will only cover any losses incurred while restoring, or something similar. And it will have to be direct, quantifiable losses, such as cost of recalling tapes from storage. If you somehow found a carrier willing to insure you against enormous undefined losses due to your own failures, you can bet the premiums will be far higher than the cost of the backups.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  30. Linux ? by LienRag · · Score: 1

    Yes, backup is good, but Ransomware should not be able to operate on a good Linux OS : so, how to foolproof one's Linux distro?
    NoScript is good for preventing webexploits, but if one wants to surf the Net, at least some javascript must be allowed: what happens if one of these supposedly benign script is in fact malicious?
    They shouldn't be able to touch the root files IIUC, nor to install a ransomware, but what prevents them to encrypt the /home partition?
    I've heard of an escalation exploit in X, but don't know much more about it: is it something that one should fret about? Is there a way to protect one's system against it?

    KillDisk apparently targets Linux now, but I couldn't find an explanation on HOW he manages to do that; the best I could find was an allusion to the fact that it cannot infect a Linux by itself but runs on already infected linuxes... Is that true?