Ransomware Insurance Is Coming

Trailrunner7 quotes a report from On the Wire: As bad as the ransomware problem is right now -- and it's plenty bad -- we're likely only at the beginning of what could become a crisis, experts say. "Lots of people are being infected and lots of people are paying. The bottom line its it's getting worse and it's going to continue to do so," Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday. "Seven-figure ransoms have already been paid. When you're out of business, you'll pay whatever you have to in order to stay in business. You're dealing with an active, sentient adversary." The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won't be long before the insurance companies latch onto the ransomware game, too. "The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware," he said. According to The FindLaw Corporate Counsel Blog, "Ransomware attacks fall under your cyber insurance policy's 'cyber extortion' coverage and can generally be considered "first-party" or "third-party" coverage, according to Christine Marciano, president of Cyber Data Risk Managers. Third-party coverage would likely leave a company uninsured when they are the victims of a ransomware attack. Even if your insurance policy covers ransomware attacks made against your company, the deductible may be so high that the company will be stuck paying any ransomware demands out of pocket (should the company decide to pay to decrypt its data). And your coverage may be sub-limited to relatively small amounts, according Kevin Kalinich, the global cyber risk practice leader for Aon Risk Solutions. A $10 million policy may only provide $500,000 for cyber extortion claims, he explains."

Fool-proof insurance policy

[WaffleMonster]

BACKUP YOUR SHIT

Re:Fool-proof insurance policy

[taustin]

In my professional opinion, that would not qualify as a good backup.

What could possibly go wrong

[Dunbal]

1. Back up your data

2. Install the ransomware yourself on the computers.

3. Cash in on insurance policy

4. Reinstall data from backups.

Re:What could possibly go wrong

[wbr1]

You can bet the insurance company will have digital forensics engineers on hand for any large payout. Local it will be in support, not supervisory roles.

Re:Do payments work?

[fisted]

If word gets out that paying doesn't help, then people will stop paying.
These are trustworthy criminals that have a reputation to lose.

Re:Do payments work?

What guarantees does anyone paying a ransom get that they will be able to unlock their data?

None. But ransomeware is generally not a one-off thing, the people who make and distribute it are career criminals. It's in their best interest to restore your data. If a particular brand of ransomware builds a reputation for being dishonest, then nobody's going to pay the unlock fee.

insurance company requires backups

[raymorris]

> the incentive for the insurance company is to pay the ransom

What insurance companies actually do is set conditions that *reduce* risk for their customers, so They don't have to pay anyone. They also create organizations such as Underwriters Laboratories and the National Fire Protection Association (who write the fire code).

In this case, the insurance company will require that in order to get converage, you'll need to have *proper* backups, with a checklist of requirements for *proper* backup. Then they never have to pay out, and collect (small) premiums basically in exchange for forcing companies to test their backups quarterly.