Subscribe
About

The aftermath of a ransomware attack

By Phahamang Thakudi
Johannesburg, 18 May 2017

Wanna Decryptor a new variant of the WannaCry ransomware family has spread rampantly impacting almost 150 countries around the globe, including South Africa and many other African countries. And if you think you've got nothing to worry about, think again.

The first reports of the attack came from the UK National Health Service (NHS), where hospitals and doctors were forced to turn away patients and cancel appointments. Reports then quickly spread to railway ticketing systems in Germany, telecoms giant Telefonica in Spain, FedEx and Renault who had to shut down some production lines in Northern France and Romania. Reports flooded in from thousands of companies around the world, including Russia, China and the USA.

While the ransom demand is not exorbitant - $300 in Bitcoins - it's the consequential damages that should have companies concerned. Lost earnings due to business interruption, increased cost of working including for IT specialists to recover operations, forensics to determine potential additional compromises as well as crisis communications and PR to minimise reputation impact, this is where the real costs and damages lie: costs and damages that accumulate at an alarming rate. A key item highlighted by the attack is the reliance we have on systems and data and the impact that a disruption in access to these systems can have on all aspects of our lives.

Many South African companies believe they are too small to be targeted by a hacker. But the hacker in this instance doesn't select the victim; it's all automated and completely random.

To make matters worse, ransomware has the ability get into almost any environment with relative ease, and not just through e-mail attachments. These days you can pick up ransomware simply by plugging in a USB device or browsing the Internet, among other things.

Can attacks be avoided?

Are there things we can do to reduce the risk of a ransomware attack? Sure. In fact, the latest attack could have been avoided quite easily. Microsoft released a patch to address this vulnerability in March 2017. Unfortunately many companies did not apply the patch that would have hampered the spread of the ransomware.

In addition reports are that the WannaCry originally spread via e-mail. If this is the case training, awareness and vigilance with regards to e-mail security could have gone a long way to prevent this as well as many other ransomware attacks.

Can cyber insurance help?

Hackers and cyber criminals are becoming more and more sophisticated and businesses would be well advised to ensure they have insurance in place to cover any losses they may incur as a result of an attack on their digital assets.

When assisting your clients to put cyber insurance in place, make sure the following points are covered:

* Costs for security and forensic specialists to determine if your data can be recovered without paying the ransom.
* If recovery is not possible and there aren't adequate backups, the policy should go as far as covering the actual ransom demand. These demands can be well over R1 million.
* Insurance should also cover costs of determining how the ransomware got into the environment in the first place, and how to prevent it from happening again. There is also a chance that the ransomware is just a smokescreen for something far more insidious, which a forensic audit will detect.
* The policy should extend to cover loss of earnings and increased cost of working as a result of an attack.
* There should also be the option of cover for public relations and crisis communication to contain reputational damage.
* In addition, there may be a need to cover defence and settlement of third-party liability claims.

ITOO Special Risks offers a comprehensive cyber policy that covers all of these bases, and more!

It works closely with you and your clients to establish bespoke risk management practices and relevant cover to ensure peace of mind before, during and after any potential cyber attack.

Cyber crime is here to stay, and everyone is vulnerable!

Share

Editorial contacts

Ryan van der Coolwijk
ITOO
(+27) 83 794 4332
ryanv@itoo.co.za