Ransomware Insurance Is Coming (onthewire.io)
Trailrunner7 quotes a report from On the Wire: As bad as the ransomware problem is right now -- and it's plenty bad -- we're likely only at the beginning of what could become a crisis, experts say. "Lots of people are being infected and lots of people are paying. The bottom line is it's getting worse and it's going to continue to do so," Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday. "Seven-figure ransoms have already been paid. When you're out of business, you'll pay whatever you have to in order to stay in business. You're dealing with an active, sentient adversary." The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won't be long before the insurance companies latch onto the ransomware game, too. "The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware," he said. According to The FindLaw Corporate Counsel Blog, "Ransomware attacks fall under your cyber insurance policy's 'cyber extortion' coverage and can generally be considered 'first-party' or 'third-party' coverage, according to Christine Marciano, president of Cyber Data Risk Managers. Third-party coverage would likely leave a company uninsured when they are the victims of a ransomware attack. Even if your insurance policy covers ransomware attacks made against your company, the deductible may be so high that the company will be stuck paying any ransomware demands out of pocket (should the company decide to pay to decrypt its data). And your coverage may be sub-limited to relatively small amounts, according to Kevin Kalinich, the global cyber risk practice leader for Aon Risk Solutions. A $10 million policy may only provide $500,000 for cyber extortion claims, he explains."
Fool-proof insurance policy (Score:3)
BACKUP YOUR SHIT
You'd think that good backups would be better insurance, but far too many firms simply don't have good backups. Or worse, they think they have backups and they've never really tested the restore process and wait for an emergency to find out it doesn't actually work...
"Nothing can be made fool-proof, because fools are so ingenious."
because wtf is an "executable", fuck off with your computer shit.
Don't run Windows. (Score:3)
Problem solved.
-jcr
had an admin go rogue
If you know who the perp is, there's all kinds of options available.
-jcr
Do payments work? (Score:2)
If word gets out that paying doesn't help, then people will stop paying.
These are trustworthy criminals that have a reputation to lose.
1. Back up your data
2. Install the ransomware yourself on the computers.
3. Cash in on insurance policy
4. Reinstall data from backups.
