Insurance companies and cryptographers: a new method to protect themselves from the consequences of ransomware

Ransomware , software that encrypts user data, then extorts money to get the decryption key, is becoming increasingly popular. The cryptographers infect computers and computer networks of both private individuals and companies and government organizations. Many attacks turn into losses of thousands of dollars, as a result of which users often prefer to pay the creators of ransomware rather than wait for valuable data to be deleted.

Often, attempts to solve a problem are delayed for days or even weeks, and not always sending money to the creators of malware leads to a positive result. Sometimes no one sends the decryption key even after payment, and in some cases, the software deletes the user's files only by pretending to be ransomware. Perhaps one of the ways out is insurance against theft of data by cryptographers, which will cover the potential losses of the victim of such software.

According to Christine Marciano, president of Cyber ​​Data Risk Managers, infection of PCs of companies or private individuals ransomware should fall under the cyber-extortion case. True, insurance payments in this case are not too large. According to Kevin Kalinich, with an insurance policy of $ 10 million, the insurance payment for cyber-conspiracy will be only $ 500 thousand. True, this is only if you leave everything as it is and do not modify your insurance. Many insurance companies offer the possibility of changing insurance conditions with the strengthening of certain provisions. That is, you can pay for insurance, which will cover all losses in the event of an insured event.
')
The network already has information about some of these situations. For example, in 2016, the University of Calgary suffered from cryptographers. Fortunately for the administration, a month before the incident, the university insured with one of the insurers, asking to add a clause on cyber torture. This item is not intended to provide the insurance company ransom attackers (more than $ 15,000). But this was not required. The vice-president of the university for finance said that the insurance covered all the losses of the educational institution, including the ransom itself to the creators of ransomware.

Most likely, insurance will become an increasingly popular way to protect against losses caused by cryptographers. “Many people are victims and most prefer to pay. The problem is becoming more and more global, and most likely this will continue, ”says Jeremiah Grossman, head of security at SentinelOne. “We already know about the seven-figure payouts. When you have a business, you will do anything to solve the problem. You are dealing with an opponent who is thinking and aware of your actions. ”

Over the past few years there have become a lot of cryptographers. Their creators receive money and are not going to stop there. Attack with ransomware is quite simple, and the threshold for entering this market is low. The only factor limiting the financial revenues of the developers of malicious software of this type is the number of affected PCs, and this is not a very serious obstacle to enrichment.

And working with ransomware is much less dangerous than hacking computer networks. The development of such software requires a much smaller amount of equipment and initial investment. And there are lots of ways to influence the user so that he quickly paid. One of them is the gradual deletion of files. For example, a Jigsaw cryptographer deletes one user file every hour. When you try to restart the PC, the program also deletes files. After a certain time, every hour not one, but more files are deleted anymore. It is clear that people and organizations that need their data will do everything to pay quickly.



Now users who want to protect themselves from cyber warmers, are doing the same thing as people who want to protect themselves from ordinary extortionists - they are insured. Probably, insurance companies will soon become more active, creating insurance packages for corporate and private users seeking to protect themselves from the consequences of the work of ransomware.

Grossman believes that sooner or later the cyber warders will be defeated. But for this it is necessary, first of all, to consider this sphere as an economic model, and use, first of all, the economic levers of influence. One of these levers is insurance.

He is probably right, because the victims of ransomware are representatives of businesses of all sizes, private users, city administrations of various countries, authorities and even security services. Last year, passengers of the San Francisco Narrow Gauge Railroad were able to use railway transport free of charge due to the fact that all payment terminals of the San Francisco Municipal Transportation Agency (SFMTA) were infected with a cryptographer.

If someone misses, the network of the enterprise may be hit by a cryptographer, and for every infected computer you will have to pay a fairly large amount (from $ 50 and up). If there are a lot of computers, and the information on them is of great value, the enterprise will pay.

Information security experts believe that one of the ways to protect yourself from the effects of infection is to save your files, make backups on a regular basis, and store this data outside the network to which main work computers are connected. In this case, the problem can be solved quite simply, with almost no losses and in a short time.