Is your business protected against Ransomeware?

Business insurance costs are on the rise. Insurance giant Aon has reported that the six-week period from the start of April to the middle of May saw insurance premiums increased by 27% from the same time last year, and this is largely as a result of an increasing number of ransomware cyberattacks.

This recent spike in ransomware activity is putting pressure on businesses to improve cyber defences as a matter of urgency. Is your business protected?

What is ransomware?

Ransomware is a type of malicious software that’s used to block you from accessing your own data. Cyber criminals use this software to encrypt the files on your system by adding extensions to the attacked data. They’ll then hold this data hostage until you pay the ransom to have it released.

Of course, there’s no guarantee they will release the data, even if you agree to meet their demands.

How ransomware could hit your business

Cashflow, operations, customers and reputation can all take a hit with ransomware, but now its hitting  operating expenses (like insurance) too.

Insurance broker Aon has reported that from April to mid-May 2021 insurance premiums have leapt 27% from the same time in 2020 reflecting the rise in cyber-attacks and ransomware strikes over the same time period. According to ProLion, a best-in-class active ransomware and data protection solution provider for ONTAP centralised file services, this is just the tip of the iceberg when it comes to the increase in costs businesses face if they are hit by a ransomware demand.

Steve Arlin, VP Sales, UK, Americas & APAC, ProLion, stated: “Ransomware became more sophisticated over the past year and businesses and economies locked down. Now we are seeing attacks at an almost industrial scale with the rise of ransomware-as-a-service. Attacks are going through the roof and more and more high-profile businesses are being hit. We are now regularly hearing of businesses which are critical to humanity such as the oil and gas provider Colonial and the world’s biggest beef producer, JBS.

“This is becoming a serious issue impacting consumers, producers and governments alike and even the insurance sector is not immune. Axa, one of Europe’s largest insurers, was itself hit in May 2021.”

A recent survey by the US industry body whose members find insurance cover on behalf of companies, The Council of Insurance Agents and Brokers, found that over 70% of its members reported a decrease in underwriter capacity for taking on cyber risk.

“There is no doubt that the insurance sector is applying some considerable pressure on corporates to get their cyber security act in order. Nothing gets the attention of the CFO more than a spike in premiums and this must surely help drive cultural change within corporates,” continued Arlin.

“With ransomware you hear a lot when it comes to reputational risk, lost productivity and ultimately the cost of paying the ransom. What is now clear from these figures is that ransomware is impacting the day-to-day operational costs of doing business in ways no one even a year ago could have predicted.”

“Since there’s no way to completely protect your organisation against a ransomware attack, businesses should adopt a ‘defence-in-depth’ approach. This means using layers of defence with several mitigations at each layer. You’ll have more opportunities to detect it, and then stop it before it causes real harm.

“Our solution is CryptoSpike which delivers agentless ransomware protection for Central File Services whether in the local data centre, NAS, or in the Cloud enabling us to deal with the cause before it becomes a mess,” concluded Arlin. “Ultimately no business wants to face increased costs but when the cost of insurance goes through the roof, or when, as it is now being reported, primary insurance simply dries up, then it is time to focus on prevention and not cure.”

What to do if your hit by a ransomware attack

Timing is crucial when it comes to ransomware attacks. If your business is hit, follow these four steps:

  1. Contain the breach by isolating all affected devices from other computers and storage devices. You should also disconnect these devices from the internet, turn off the WiFi and disable core network connections.
  2. Identify the breach so you know how to fix it. This should become apparent from the ransom note, but you may have to investigate further. To find out where the attack originated, you could try to geo-locate the logins from the network.
  3. Remove the malware and any back doors, close ports and reset passwords.
  4. Restore your network using any backups you have.

Once this has been done (or while it’s ongoing), you should notify any affected parties. If third party data has been compromised, you’ll need to inform everyone this affects. You may also need to tell your bank, and you should definitely report the incident to the police and your insurer.