Parent Page Home
Parent Page ARCHIVED PAGES
Parent Page Cyber & Breach Response Portal
Parent Page Issues
Ransomware

Ransomware

Illustration depicting a padlock and key

Ransomware is a type of malicious software (malware) that restricts access to an infected machine, usually by systematically encrypting files on the system’s hard drive and network shares, and then demands payment of a ransom, usually in a crypto-currency (e.g., Bitcoin), in exchange for the key to decrypt the data. Ransom demands are increasing at an alarming rate as cybercriminals target backups to increase the pressure on victims.

Many of the same vulnerabilities that can lead to ransomware are also exploited by threat actors to exfiltrate data. As part of their cyberextortion attempt, they may also threaten to expose the stolen data.

Basic cyber hygiene is key to avoiding a ransomware incident, although no organization can be entirely safe. Organizations should focus on incident response, disaster recovery and business continuity. In particular:

Ensuring that backups are segregated from the rest of the network so as to shield them from an attack’s path of destruction.

Regularly testing the organization’s recovery from backups to ensure they are viable should they need to restore the organization’s data following an attack.

Knowing how long the restoration process will take so their stakeholders are able to make informed decisions about whether to pay a ransom and how best to mitigate a potential loss.

It is critical to have the right measures in place such that, if disaster does strike, the organization is well placed to respond.
If a policyholder experiences a ransomware incident, Beazley can introduce them to incident response, cyber extortion, and data recovery vendors. Beazley is a market leader in preparing clients against cyber attacks and ransomware with tools and technology, especially through our Beazley Breach Response (BBR) product offering, that has been specifically designed to minimize overall business disruption that can come from such incidents. BBR vendors are vetted industry leaders with an excellent track record of understanding complex cyber events, reducing ransom demands through negotiation, helping with disaster recovery and working with insureds to make the big decisions, quickly.

Given Beazley and its vendors’ experience in this marketplace, vendors can tell the “good bad guys” from the “bad bad guys” so as to be comfortable that, if paying a ransom, clients in all likelihood will receive a decryption key that will work to restore impacted systems. If businesses do choose to make a ransom payment, subject to the terms of their policy, Beazley can also reimburse such payments through cyber extortion coverage.
It is not Beazley’s role to make or attempt to influence a policyholder's decision on whether or not to pay a ransomware request, though it is our mission to provide access to experts who can help in the decision making process, and facilitate their recovery efforts in the event that an attack occurs.
We aim to provide policyholders the best cyber infrastructure to protect them from nefarious activities and help them achieve their main objective to mitigate risk and get their businesses back online. Moreover, while many notable, high profile cyber attacks predate the cyber insurance market, we have seen a rise in indiscriminate attacks that are growing in technical sophistication. At Beazley, we are committed to delivering on our promises to help our cyber policyholders avoid and respond to these situations through education and access to our expert network.

Paying a ransom always should be (and, in our experience, is) the last resort. Ransomware can jeopardize the financial and reputational well-being of its victims. Recent headlines illuminate the financial danger that ransomware victims can face. In fact, many cyber attacks have very fat tails and recovery from such attacks can take years and can account for notable amounts of down hours at corporations, cities and state offices.
There are effective steps that clients can take to help protect their organization from ransomware infection and potential business interruption. For a summary, download our best practices and discuss them with your clients today.

Ransomware: Best Practices for Prevention and Response
For information you can use to educate your clients, download our 2020 Breach Briefing which focuses on ransomware.
A well thought out backup and restoration plan is one of the most important countermeasures against ransomware. It is critical for organizations to ensure that there is adequate network segmentation and offline backups in place to protect backups from corruption by the ransomware.