Search This Blog

Friday, September 6, 2019

Are Insurers both fuelling and benefitting from Ransomware attacks ?

Ransom is the practice of holding a prisoner or item to extort money or property to secure their release, or it may refer to the sum of money involved. We have seen kidnap and ransom in many movies – money would be taken in a black suitcase and sometimes fight would ensue .. .. .. ever heard or imagined  of Insurers paying ransom money as preventive measure !!!

LAPD SWAT officers Jack Traven and Harry Temple thwart an attempt to hold an elevator full of people for a $3 million ransom by an extortionist bomber, who is later identified as Howard Payne. As they corner Payne, he holds Harry hostage. Jack intentionally shoots Harry in the leg, forcing the bomber to release Harry. Sometime later, Jack witnesses a mass transit bus explode, killing its driver. Payne, still alive, contacts Jack on a payphone, explaining that a similar bomb is rigged on another bus. The bomb will arm once the bus reaches 50 miles per hour (80 km/h) and detonate when it drops below fifty. The bomber demands a larger ransom of $3.7 million and threatens to detonate the bus if the passengers are offloaded.   ~  very interesting plot of ‘Speed’ American action movie released in 1994 directed by Jan de Bont,  starring Keanu Reeves, Dennis Hopper, Sandra Bullock, Joe Morton, and Jeff Daniels.

We have seen kidnapping and ransom amount being asked in Tamil movies too .. .. but that ghastly incident of 1978 sent shockwaves across the Nation  - Geeta Chopra aged 16 and her brother Sanjay aged 14 were on their way to participate in a radio program on August 26, 1978. It was drizzling and so the two accepted lift from a car. Kuljeet Singh (alias Ranga Kush) and Jasbir Singh (alias Billa) supposed that the children were from a rich family and in their greed of money, they kidnapped them. When the kidnappers came to know that their father was a naval officer, they thought of losing their chance to earn big money. So they killed the boy and raped his sister before killing her. .. .. and Tamil tinseldom had movies titled after these criminals (Billa&Ranga – Rajnikantstarrers !)

Hackers infecting the computer systems of the city of New Bedford, Massachusetts, with ransomware wouldn't settle for anything less that than $5.3 million to decrypt the data. The ransom was too high and they got a big fat nothing in return.The attack reportedly occurred on Friday, July 5, before working hours, and details remained unknown at the time as cybersecurity consultants "strongly advised" against providing information about the attack.

Computer crime, or cybercrime, is crime that involves a computer in any form and a network. The computer may have been used in the commission of a crime, or it may be the target.  Such crimes may harm Nations financially as also its security.  There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. There are varied estimates on the value of loss caused by cyber crimes – with solutions few and far between.  Most measures show that the problem of cybercrime continues to worsen.  There is insurance too, protecting against monetary losses caused by cyber crimes.

“Computer Attack” means any malicious or unauthorised electronic attack including but not limited to any fraudulent electronic signature, brute force attack, phishing, denial of service attack, that has been initiated by any Third Party or by any Employee. “Computer Security” means hardware, software or firmware whose function or purpose is to prevent a Computer Attack or Computer Virus from damaging, destroying, corrupting, overloading, circumventing or impairing the functionality of computer systems, software and ancillary equipment of a Third Party. “Computer Virus” means any program or code that is designed to cause loss or damage to a computer system or any part and/or which prevents or impairs a computer system or any part from performing and/or functioning accurately and properly ~ and there is data security breach which would mean the failure of computer security arising from a breach that can include transmission of a computer virus, data protection breach and the like.

Read this interesting article in Gizmodo titled – ‘Ransomware Attackers and Insurance Companies Are Forming a Human Centipede of Profits’.  Ransomware incidents—cyber attacks in which bad actors demand payment in exchange for encrypted files—are a frighteningly common fixture of our modern era. But more troubling is that the number of attacks may be hiking due, in part, to the insurance companies tasked to deal with the fallout in the event of such crime, according to a new report.

ProPublica this week published an investigation into insurers who deal in the booming business of covering cybersecurity incidents and how they handle claims. The report claims that the companies prefer to fork over the tens or even hundreds of thousands of dollars in ransom—ostensibly to minimize the detriment to the affected party, as damages from such an attack can add up to multi-million dollar hits. But according to ProPublica, insurance companies are “both fueling and benefiting from” ransomware attacks by opting to pay ransoms, in some cases “even when alternatives such as saved backup files may be available,” as the outlet previously reported in May.

Ransomware incidents can throw a wrench into the day-to-day business operations of targeted municipalities and businesses. However, the report cited lengthy and costly recovery of backup files—in cases where such data is available—as a motive for insurers to acquiesce to the demands of bad actors behind the attacks. File recovery, ProPublica reported, can add up if an insurer needs to cover costs like overtime for employees or public relations efforts to deal with the aftermath of an attack, among other expenses.But successful ransomware schemes—that is, those that are able to elicit payment from victims—only help fuel more ransomware incidents. As the report noted, both the government and cybersecurity experts advise against paying ransoms for stolen data for many reasons, foremost because including that paying up doesn’t necessarily resolve the issue.

Fabian Wosar, CTO for virus protection company Emsisoft, told ProPublica that cybercrime insurance “is what’s keeping ransomware alive today. It’s a perverted relationship. They will pay anything, as long as it is cheaper than the loss of revenue they have to cover otherwise.”  The cost of managing the aftermath of a ransomware attack can be huge. It was reported in June that the cost to the city of Baltimore after it refused to pay hackers 13 bitcoin was somewhere in the neighbourhood of $18 million, with the possibility of additional costs over time. The Baltimore Sun reported Wednesday that the city voted to transfer $6 million from a parks and facilities fund to help cover the costs to the city.

With regards – S. Sampathkumar
6th Sept 2019
Info excerpted from  :

No comments:

Post a Comment