Ransomware Insurance Is Coming (onthewire.io) 86

Trailrunner7 quotes a report from On the Wire: As bad as the ransomware problem is right now -- and it's plenty bad -- we're likely only at the beginning of what could become a crisis, experts say. "Lots of people are being infected and lots of people are paying. The bottom line is it's getting worse and it's going to continue to do so," Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday. "Seven-figure ransoms have already been paid. When you're out of business, you'll pay whatever you have to in order to stay in business. You're dealing with an active, sentient adversary." The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won't be long before the insurance companies latch onto the ransomware game, too. "The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware," he said. According to The FindLaw Corporate Counsel Blog, "Ransomware attacks fall under your cyber insurance policy's 'cyber extortion' coverage and can generally be considered 'first-party' or 'third-party' coverage, according to Christine Marciano, president of Cyber Data Risk Managers. Third-party coverage would likely leave a company uninsured when they are the victims of a ransomware attack. Even if your insurance policy covers ransomware attacks made against your company, the deductible may be so high that the company will be stuck paying any ransomware demands out of pocket (should the company decide to pay to decrypt its data). And your coverage may be sub-limited to relatively small amounts, according to Kevin Kalinich, the global cyber risk practice leader for Aon Risk Solutions. A $10 million policy may only provide $500,000 for cyber extortion claims, he explains."

  • by WaffleMonster ( 969671 ) on Monday February 13, 2017 @07:26PM (#53861283)


    • You'd think that good backups would be better insurance, but far too many firms simply don't have good backups. Or worse, they think they have backups and they've never really tested the restore process and wait for an emergency to find out it doesn't actually work...

      • Or the backups are good and tested, but are on-line disk backups and also get encrypted...

      • Why is that situation even a thing? I know it happens, I have seen it happen. My question is: Why are backups so finicky? I would think that if you copy a bit to another type of media, it would ACTUALLY BE THERE so it could be restored. Why do backup manufacturers allow this to happen?
      • by allo ( 1728082 )

        When you decide to get insurance, you can decide to get a backup. The problem firms are those who don't think about the problem at all.

    • "Nothing can be made fool-proof, because fools are so ingenious."

    • by Anonymous Coward

      If those backups are accessible on same network and no copies offsite, the ransomware will eat those up too

      • You are correct that regular CIFS shares (external USB/eSATA hard drives, shares that are accessed with user level security) don't work against the REALLY ugly versions of ransomware. My company (shadowsafe.com) found out years ago that this can be solved by placing your backups on a device that isn't accessed by any regular users and only by the application taking and maintaining the backups. You, of course, also need offsite copies of things, but that protects against a different set of events.
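A guard for the failure mode in the comments above (tested backups that sit on-line and get encrypted along with everything else), written as an added example that is not code from the original thread or from shadowsafe.com. It runs on the backup host, before the nightly sync is allowed to overwrite the last good copy, and compares each incoming file against an entropy baseline recorded at the last trusted sync: files that were low-entropy documents and now look like ciphertext, files carrying a known ransom suffix, and files that have vanished outright are counted, and if the total exceeds a threshold the sync is refused. The threshold values, the suffix list, the function names and the sample files are all assumptions.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5          # bits per byte; encrypted or compressed data sits near 8.0 (assumed)
MAX_SUSPECT_FRACTION = 0.2  # refuse to rotate if more than 20% of baseline files look ransomed (assumed)
SAMPLE = 65536              # bytes examined per file
# Illustrative suffixes only; real families use many others.
RANSOM_SUFFIXES = (".locked", ".crypt", ".encrypted")


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (low for text, close to 8.0 for ciphertext)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def record_entropies(files):
    """Baseline {name: entropy} taken after a sync you trust; store it beside the backup,
    on the backup host, where the source machine has no write access."""
    return {name: shannon_entropy(data[:SAMPLE]) for name, data in files.items()}


def _base_name(name):
    for s in RANSOM_SUFFIXES:
        if name.endswith(s):
            return name[: -len(s)]
    return name


def pre_sync_check(current, previous):
    """Decide whether the source tree may overwrite the last good backup.

    current:  {name: bytes} as read from the source host
    previous: {name: entropy} recorded by record_entropies() at the last good sync
    Returns (ok, suspects, vanished).
    """
    suspects = []
    for name, data in current.items():
        if name != _base_name(name):            # carries a known ransom suffix
            suspects.append(name)
            continue
        prev = previous.get(name)
        if prev is None:
            continue                            # new file, no baseline: entropy alone proves nothing
        if prev < HIGH_ENTROPY and shannon_entropy(data[:SAMPLE]) >= HIGH_ENTROPY:
            suspects.append(name)               # was a document, now looks encrypted
    seen = {_base_name(n) for n in current}
    vanished = sorted(n for n in previous if n not in seen)
    total = max(len(previous), 1)
    ok = (len(suspects) + len(vanished)) / total <= MAX_SUSPECT_FRACTION
    return ok, sorted(suspects), vanished


def pseudo_ciphertext(seed, length):
    """Constructed stand-in for ransomware output: deterministic, high-entropy bytes."""
    out, block = bytearray(), seed.encode()
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


if __name__ == "__main__":
    # Constructed sample tree: ten plain-text documents, then the same tree after an attack.
    good = {f"doc{i}.txt": b"quarterly report, all figures in USD\n" * 200 for i in range(10)}
    baseline = record_entropies(good)
    print("clean sync:", pre_sync_check(good, baseline)[0])
    ransomed = {n + ".locked": pseudo_ciphertext(n, 4096) for n in good}
    ok, suspects, vanished = pre_sync_check(ransomed, baseline)
    print("after attack:", ok, len(suspects), "suspects,", len(vanished), "vanished")
```

A new high-entropy file with no baseline is ignored by design (a photo or a zip archive is not evidence), so an attacker that renames files to an unfamiliar suffix shows up through the vanished list rather than the suspects list; that is why both are counted. The check is a complement to the design in the comment above, not a substitute for it: the source host should hold no credentials for the backup store, so that a refused sync cannot be forced from the infected side.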
    • laughing with you ...
    • by Tablizer ( 95088 )



      1. Test backups regularly
      2. Put the most recent copy in at least two geographically diverse locations (as insurance against regional disasters).
      3. Store the archive versions in at least two different locations, perhaps rotating the target if there's not enough space.
      4. If it's encrypted (probably a good idea), also make sure the encryption key is stored in multiple spots.

      Example schedule with 3 locations:

      LOCATION 1:
      - Last night's
      - 1 week ago
      - 4 weeks ago
      - 7 weeks ago
      - 10 weeks ago
      - etc...
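The schedule above, as an added example that is not code from the original post: a Python retention planner that generalises Tablizer's rotation. It keeps every nightly from the last week, the newest snapshot of each of the last four calendar weeks, and then the newest snapshot of every fixed 21-day period for as long as snapshots exist, which gives the 1 / 4 / 7 / 10 week spacing once the set has aged. Buckets are anchored to the calendar rather than to today's date, because age-based rungs alone ("keep the one that is exactly 4 weeks old") would delete the copies that are supposed to age into the later slots. The locations helper covers points 2 and 3. Tier sizes, function names and the sample dates are assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Tier sizes (assumed values, generalising the schedule in the post):
NIGHTLY = 7        # keep every snapshot from the last 7 nights
WEEKLY = 4         # plus the newest snapshot of each of the last 4 calendar weeks
ARCHIVE_STEP = 21  # plus the newest snapshot of every 21-day period, for as long as they exist


def _newest_per_bucket(snaps, key):
    """Group snapshot dates by key(date) and return the newest date of each bucket."""
    buckets = defaultdict(list)
    for d in snaps:
        buckets[key(d)].append(d)
    return [max(v) for v in buckets.values()]


def plan_retention(snapshots, today):
    """Return (keep, delete): newest-first lists of snapshot dates.

    Buckets are anchored to the calendar, not to `today`, so a snapshot that is
    the newest of its bucket stays kept as it ages; only the current (still open)
    bucket moves its choice forward as new nightlies arrive.
    """
    snaps = sorted(set(snapshots), reverse=True)
    if not snaps:
        return [], []
    keep = {d for d in snaps if (today - d).days <= NIGHTLY}
    weekly = _newest_per_bucket(snaps, lambda d: d.isocalendar()[:2])   # (year, ISO week)
    keep.update(sorted(weekly, reverse=True)[:WEEKLY])
    keep.update(_newest_per_bucket(snaps, lambda d: d.toordinal() // ARCHIVE_STEP))
    keep.add(snaps[0])                      # never discard the newest copy
    return sorted(keep, reverse=True), [d for d in snaps if d not in keep]


def assign_locations(keep, locations):
    """Points 2 and 3 of the post: newest copy at every site, every archive copy
    at two sites, rotating the pair so no single site holds everything."""
    if len(locations) < 2:
        raise ValueError("need at least two geographically separate locations")
    plan = {keep[0]: list(locations)}
    for i, d in enumerate(keep[1:], start=1):
        plan[d] = [locations[i % len(locations)], locations[(i + 1) % len(locations)]]
    return plan


if __name__ == "__main__":
    # Constructed sample: one snapshot per night from 2016-11-01 to 2017-02-13.
    nights = [date(2016, 11, 1) + timedelta(days=i) for i in range(105)]
    keep, delete = plan_retention(nights, today=date(2017, 2, 14))
    for d, sites in assign_locations(keep, ["site-A", "site-B", "site-C"]).items():
        print(d, sites)
    print(f"keep {len(keep)}, delete {len(delete)}")
```

Point 1 of the post (actually restoring from the kept set on a schedule) is the part no planner can automate away; the delete list above should only ever be acted on after a restore drill has passed on the most recent snapshot.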

      • by Mashiki ( 184564 )

        That's a good plan, unfortunately in many cases getting companies or even government to pay for it is next to impossible. I know of local and parts of provincial governments here in Canada that use 7-day round-robin backups, and there are no off-site backups at all. And it's because they believe it's a "waste of money" and any type of loss of the data is impossible.

    • by bartle ( 447377 )


      It is worth considering that for a large company, perhaps with several thousand workstations, it may be more cost efficient to pay the ransom and get their systems back online within a day rather than overworking their IT staff in the hopes of getting their machines back after a week. Even if the company has full data backups, they may not have the staffing required to wipe and reinstall every computer in a reasonable amount of time.

      • Even if the company has full data backups, they may not have the staffing required to wipe and reinstall every computer in a reasonable amount of time.

        How hard is it to plop in boot media and run a script? You have all the rest automated, so all it takes is a few lines of shell, right?

        Even special snowflake machines should back up to the common place, so they're not that different.

        And if you're instead using some commercial "solution", well, then you're already used to paying the inadequacy tax.

  • by Anonymous Coward

    As long as the insurance companies put in a mandatory security training course to qualify for this, I'm okay with it. Why do people still open unknown executables in emails?

  • by jcr ( 53032 )

    Problem solved.


  • by Anonymous Coward

    Insurance companies are experts in mitigating and evaluating risk - It's literally their job.

    In order to get insurance, insurance providers will require their customers to educate their staff and ensure they have a minimum baseline of security.

    The very basic, most bare of security practices reduce ransomware's impact to an annoyance. Separation of privileges, backup, software updates, email attachment filtering - You know stuff you should be doing already.

    • by Falos ( 2905315 )

      >ensure they have a minimum baseline of security.
      NO, that's victim blaming, people can do jack all, or even worse than nothing, and should still be morally indemnified. And financially. Because they have zero culpability.

  • What guarantees does anyone paying a ransom get that they will be able to unlock their data? If you are dealing with ransomware, you are dealing with crooks who don't have any morals whatsoever. Once they get payment, why wouldn't they just let you twist in the wind? Many kidnappings are the same. You pay the ransom and you still get a dead or missing relative.
    • by fisted ( 2295862 ) on Monday February 13, 2017 @07:52PM (#53861483)

      If word gets out that paying doesn't help, then people will stop paying.
      These are trustworthy criminals that have a reputation to lose.

      • The problem isn't the integrity of the ransomware author. The problem is that long after the author has moved on to other things (or been arrested, or assassinated), the ransomware virus is still out there, still spreading, still infecting new systems, and still scrambling data.

        It's like royalties from little-known songs that someone wrote a decade ago. If some trickle in, it's "oh that's nice" money. There's no incentive for the songwriter to maintain or improve that old product. It doesn't encourag

      by Anonymous Coward

      What guarantees does anyone paying a ransom get that they will be able to unlock their data?

      None. But ransomware is generally not a one-off thing, the people who make and distribute it are career criminals. It's in their best interest to restore your data. If a particular brand of ransomware builds a reputation for being dishonest, then nobody's going to pay the unlock fee.

    • I think insurance companies for this kind of thing are just a colossally bad idea. Now it positively screams "lucrative!" to the ransomers, as victims will be far more willing to "pay" since it's covered by insurance. The amount of ransom demanded will increase as well.

      Instead they should be concerning themselves with better security, training, and backups. That wouldn't have to cost any more than the insurance premium.

  • I know the best insurance is having competent IT pros that can make ransomware no more than a minor inconvenience, but I suspect there are many small/medium businesses that would find this a cheaper alternative than staffing such a department.
    • Nobody likes paying for IT. Outside of nerds (the neckbeard kind, not the modern "nerd") people hate computers. They hate how they make them feel weak and dumb. They hate that they can't see them working because so much goes on behind the scenes. And above all they hate that they put power in the hands of the sorta twerps they used to see bullied (or bully themselves) in grade school.
    • by wbr1 ( 2538558 )
      Fuck that. Find a good, reputable MSP. Hate to sound like an infomercial, but my small MSP firm serves small biz. For less than 70 USD per PC per month you get encrypted cloud backups with, if desired, local mirror, world class AB, web filtering, event monitoring, free virus removal, etc. All at a set fucking cost. It's a no brainer.
  • Idiot insurance
  • by Dunbal ( 464142 ) * on Monday February 13, 2017 @07:52PM (#53861479)

    1. Back up your data

    2. Install the ransomware yourself on the computers.

    3. Cash in on insurance policy

    4. Reinstall data from backups.

    • by wbr1 ( 2538558 ) on Monday February 13, 2017 @09:20PM (#53862061)
      You can bet the insurance company will have digital forensics engineers on hand for any large payout. Local IT will be in support, not supervisory roles.
      • But how will those "digital forensics engineers" tell an idiot user clicking on an attachment from this being done intentionally by someone with enough brains to log in as the former?

        I guess the insurance company will just randomly deny payments with a bullshit excuse, like they usually do.

        • by AmiMoJo ( 196126 )

          Exactly, many companies get several ransomware viruses by email a day. All one needs to do for insurance fraud is to "accidentally" open one.

          Chances are the policy requires you to take reasonable steps to protect yourself, similar to how you need to lock your doors and windows for house insurance to cover loss due to theft. So you might have to pick the worst AV going, just to make sure.

    • (and keep the cryptographic keys, just in case backups fail)

  • The problem with this is, while it may help out a clueless company in the short term, the incentive for the insurance company is to pay the ransom, because it rewards the evil-doers, which, in turn creates more need for the insurance.
    • by raymorris ( 2726007 ) on Monday February 13, 2017 @09:14PM (#53862025) Journal

      > the incentive for the insurance company is to pay the ransom

      What insurance companies actually do is set conditions that *reduce* risk for their customers, so They don't have to pay anyone. They also create organizations such as Underwriters Laboratories and the National Fire Protection Association (who write the fire code).

      In this case, the insurance company will require that in order to get coverage, you'll need to have *proper* backups, with a checklist of requirements for *proper* backup. Then they never have to pay out, and collect (small) premiums basically in exchange for forcing companies to test their backups quarterly.

  • by aklinux ( 1318095 ) on Monday February 13, 2017 @08:13PM (#53861617) Homepage
    You're guaranteeing the bad guys a paycheck.
  • by jon3k ( 691256 ) on Monday February 13, 2017 @08:57PM (#53861925)
    Have a friend who works for a mid-sized insurance firm that provides Cyber Insurance, it's actually exclusively what he does now. So what they do is get you to agree that you'll take all these preventative measures to avoid it (ie making backups) and when you get ransomwared they find some particular provision you violated to not pay your claim. Like any insurance of course.
  • Some pretty important data you have there. It would be a pity if something were to happen to it. You can't be too careful these days. By the way, how are the wife and kids doing?
  • Use Linux and use separate partitions as follows:
    /boot  ext2
    /      ext4
    swap
    /home  ext4, encrypted
    Then, install ClamAV and Lynis to check for viruses (more like passing on prevention for Window$ than for actual Linux) and rootkits. And if you find anything, you can reinstall Linux and leave the /home partition alone in most cases so you don't lose anything. Keep a list of installed packages and just drag and drop after apt-get install, yum, or zypper in the terminal. There have been actual cases when people tr
  • ... only after having the company agree to a regular audit of its backup systems, and ensuring automated redundant backups of crucial data...

  • Now if something would happen to it...;) I already have insurance against malware, got a Mac, a GhostBSD and a Linux at home, and at work all my servers are Linux and FreeBSD, thank you.
  • This isn't a new thing. It's been around for a while.

    And it's not just about paying the ransom. The ransom is usually a very small amount of money in the whole scheme of things. It's about being able to conduct business like paying your vendors and employees while your system is down.

  • I think you can expect that the insurance carrier will require certain measures to be in place, especially reliable and tested backups. They aren't going to insure you against ransomware per se, they will only cover any losses incurred while restoring, or something similar. And it will have to be direct, quantifiable losses, such as cost of recalling tapes from storage. If you somehow found a carrier willing to insure you against enormous undefined losses due to your own failures, you can bet the premiums w
  • Yes, backup is good, but ransomware should not be able to operate on a good Linux OS: so, how to foolproof one's Linux distro?
    NoScript is good for preventing web exploits, but if one wants to surf the Net, at least some JavaScript must be allowed: what happens if one of these supposedly benign scripts is in fact malicious?
    They shouldn't be able to touch the root files IIUC, nor to install ransomware, but what prevents them from encrypting the /home partition?
    I've heard of an escalation exploit in X, but do
