Cyber Insurers Might Be Making the Ransomware Problem Worse


In mid-May, one of the largest insurance companies in the U.S. paid $40 million to ransomware attackers. Two people familiar with the matter told Bloomberg that the malicious actors stole an undisclosed quantity of data and then effectively locked the insurer out of its network for two weeks. The company ignored the attackers’ demands at first. But, a week into the infection, it decided to make contact with the attackers. This effort led to negotiations in which the insurer convinced the attackers to drop the ransom from $60 million to $40 million.


Cyber Insurers’ Straight and Narrow View of Ransomware


The attack discussed above stands out for a couple of reasons. First, it’s worth noting that $40 million is the largest ransom paid by any ransomware victim anywhere to date. Second, it’s important to point out that the victim was a company that offers cyber insurance itself.


Why is the second point relevant? Well, there’s a paradox when it comes to cyber insurance companies and ransomware attackers. On the one hand, the former use monetary support to help their clients recover if and when they fall victim to the latter. On the other, cyber insurance companies normalize the fulfillment of ransom demands. Paying up puts all organizations at greater risk of an incident in the future.


The issue is that insurers take a straight and narrow approach to the question of whether to pay. Insurers are concerned about the costs of recovery and business disruption. Is it cheaper for an organization to pay the ransom? Or is it cheaper if an organization attempts to restore ..
