WannaCry is a worldwide cyber extortion occurrence that was launched on May 12, 2017.  Although it missed most of the United States, other parts of the world were not as lucky.

Ransomware is a type of malicious software that infects a computer and then holds the computers data hostage by encrypting the files until victim pays to have the computer unlocked.

There are two major types of ransomware – Cryptors and Blockers.

  1. Cryptors – Encrypt valuable data on a computer or a computer network so that the user cannot access the data.

  2. Blockers – Deny access to an infected computer device so the devise is unusable.

Ransomware is not new as criminals have long sought to extort payment from victims.  What is new is the strong increase in popularity.  In 2016 Microsoft detected a 400% increase in the number of ransomware encounters.

Ransomware is spread as follows:

  1. Through phishing emails that include malicious attachments.

  2. Through a user visiting a website from which malware is downloaded without the user’s knowledge.

  3. Through social media applications.

The consequences to a victim (individual or company) can be significant, as follows:

  1. Loss of access to data.

  2. Disruption of normal business activities.

  3. Loss of revenue.

  4. Costs of restoring data and files.

  5. Paying the ransom.

  6. Damage to the company’s reputation.

Businesses and individuals can mitigate the threat as follows:

  1. Evaluating Data Back-up Procedures – recreating digital assets from uninfected backup is sometimes quickest and most effective.

  2. Providing Training to Employees – training employees to detect phishing emails signs.

    • Emails from a sender that is asking for a network username or password.

    • Emails that appear to be sent from the company’s HR or IT departments.

    • Emails that have grammatical errors.

    • Emails that contain email addresses that do not match the header or body of the email.

    • Emails that include links that show a different email destination when hovering over the links.

  3. Purchase Cyber Insurance Coverage – ensure corporate cyber insurance policies provide the following coverage:

    • Cyber Extortion – covers payments and fees to respond to and terminate a threat.

    • Digital Asset Restoration – covers costs to determine if assets have been altered and restore, recreate or repair.

    • Breach Response Services – covers costs to respond to a cyber-attack including privacy attorney fees, data forensics investigator and public relations firm.

Please note that not all cyber policies contain the insuring agreements necessary to fully insure a ransomware attack.  UIC associates maintain the ‘Intellectual Capital’ and expertise to assist our clients in ensuring their cyber policies encompass the latest and most comprehensive coverage forms and enhancements available.

UIC has detailed specifications of coverage which requests nearly the broadest and state of the art coverage available including the slightest language nuances which could be the difference between a covered and uncovered incident. Our team utilizes a more than 300 point checklist to achieve the core classic coverages as well as the dynamic/up and coming coverage. UIC utilizes different market access points from around the country to diversify the available markets and coverage.

Related News

Schedule your complimentary risk management audit.

Find out if your business qualifies for a free, high-level review of your insurance program by our independent consultants. Please click the button below, complete the Decision Tree form and submit.

Completion should only take a minute, which may easily turn out to be the best spent amount of time in support of achieving your business goals.

Complimentary Audit