From a cyber perspective, there are only two types of companies: Those that have been hacked and those that will be hacked.

When an agricultural producer gets hit by a ransomware attack, its business can come close to collapse. The last two years of our lives will forever be marked as the years hardest hit by the global COVID-19 pandemic. But this period has also brought us other threats, namely the digital pandemic in the form of the rise of ransomware cyber-attacks.

What is Ransomware?

It was an ordinary morning for the agricultural company, which is one of the main dairy product producers in the region. The director of the company arrived, as usual, sometime before the workers came to the factory, turned on his business laptop and noticed a disturbing message: “You are under a ransomware attack, please follow the link for further steps.”

Ransomware is a type of malicious software or encryption program, placed by a hacker, that works by encrypting data on a network. To regain access to the data, the victim is asked to pay a ransom in exchange for a decryption key. Research by Coveware shows that a minority of companies that choose the ransom payment route end up being forced to make additional payments or never get access to their data.

Ransomware attacks have been one of the most common threats in the last couple of years. Business interruption periods increased from an average of 15 days (2020) to an average of 23 days (2021). It should also be noted that business interruption costs are sometimes as high as the ransom payment, or even exceed it. IBM’s 2020 Cost of Data Breach Report shows us that it took around 280 days to even identify a breach in a system, which gives us an insight into the ability and power of hackers to move stealthily and silently through a victim’s system.

Cognyte, the security analytics agency, claims that the Manufacturing and Financial Services industries are the leading targets of ransomware attacks, followed by the Transportation, Technology, Legal and Human Resources industries. Some examples are:

  • In 2016, Delta Airlines faced a major network outage that lasted for five hours and cost the company 150 million USD.
  • In October 2016, there was a DDoS attack on Dyn, a company that administers a major element of the web, that took down widely used websites such as PayPal, Twitter, Netflix, Amazon, and others.
  • In 2017, Maersk, a Danish shipping company, faced a cyber-attack that disrupted operations for two weeks, resulting in a loss of about 300 million USD.

Weak point RDP

According to the UK security company Sophos, one of the most notable entry points is the widespread use of Remote Desktop Protocol (RDP). RDP is a protocol that allows remote users to connect to the desktop of another computer via a network connection. Organizations usually use it to give employees access to their networks while they are working remotely. If the port that an organization uses for RDP access is exposed directly to the internet, it is easy for malicious actors to find it, and they then attempt to gain access to the organization’s computer systems.

After the hackers gain access to the system, the next step is to break into the organization’s local administrator account. The attackers use a computer program that tries to crack the password by attempting various password combinations in quick succession. The longer and more complex the password, the more difficult it is for hackers to crack the system. Unfortunately, in our case, the local administrator’s account had a weak password combination. Additionally, the absence of multi-factor authentication (MFA) for RDP access allowed the hacker to gain access to the organization’s network without having to go through a second verification procedure, such as entering a verification code.
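The password-guessing pattern described above leaves a recognizable trail in the Windows Security log. The following added example (not part of the original article) flags bursts of failed RDP logons and notes whether a successful logon followed; the CSV layout, account names and addresses are constructed for illustration, and the threshold and window are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# RDP logons appear as type 10 (RemoteInteractive) or, with NLA, type 3 (Network).
RDP_LOGON_TYPES = {3, 10}

# Constructed sample, one event per line:
# timestamp,event_id,logon_type,account,source_ip
SAMPLE_EVENTS = """\
2021-03-02T05:10:01,4625,3,Administrator,203.0.113.50
2021-03-02T05:10:04,4625,3,Administrator,203.0.113.50
2021-03-02T05:10:07,4625,3,Administrator,203.0.113.50
2021-03-02T05:10:11,4625,3,Administrator,203.0.113.50
2021-03-02T05:10:15,4625,3,Administrator,203.0.113.50
2021-03-02T05:10:19,4625,3,Administrator,203.0.113.50
2021-03-02T05:10:30,4624,10,Administrator,203.0.113.50
2021-03-02T08:01:12,4625,10,j.novak,198.51.100.7
2021-03-02T08:01:40,4624,10,j.novak,198.51.100.7
2021-03-02T08:05:00,4625,2,Administrator,-
"""

def parse(line):
    ts, event_id, logon_type, account, ip = line.strip().split(",")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), account, ip

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Flag (source IP, account) pairs with >= threshold failed RDP logons
    inside the window, and note whether a successful logon followed."""
    recent = defaultdict(list)   # (ip, account) -> failure times still in window
    findings = {}
    events = sorted(parse(l) for l in text.splitlines() if l.strip())
    for ts, event_id, logon_type, account, ip in events:
        if logon_type not in RDP_LOGON_TYPES:
            continue             # e.g. type 2 is a local console logon
        key = (ip, account)
        if event_id == 4625:
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) >= threshold:
                hit = findings.setdefault(key, {"ip": ip, "account": account,
                                                "failures": 0, "success_after_burst": False})
                hit["failures"] = max(hit["failures"], len(recent[key]))
        elif event_id == 4624 and key in findings:
            findings[key]["success_after_burst"] = True   # likely compromise
    return list(findings.values())

if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

A finding with `success_after_burst` set is the case from this story: a guessed local administrator password with no second factor to stop the logon.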

Production was blocked and, unfortunately, the company did not have an offline backup stored on external storage that could be used for restoration. After activating the business incident plan and engaging the external incident response team, the company decided that a ransom would be paid. After the payment was made and the decryption key received, recovery was started. As the whole process was time-consuming, it took around 14 days for the system to be fully recovered.

The benefits of cyber insurance against a cyber-attack

Because it had a cyber insurance policy, the company was able to carry out the whole process of data recovery and ransom payment with highly skilled IT professionals. The costs covered for this cyber-attack were the above-mentioned ransom payment, business interruption losses, business incident response, forensic investigation costs, crisis PR, privacy liability, and compliance with the data protection regulatory bodies (GDPR) within the time limit set by law.

Some important statistics (Indusface):

  • Organizations saw a record 225% increase in losses from ransomware attacks in 2020;
  • 53% of attacked businesses stated that their brand and reputation were damaged after a successful attack;
  • Around 26% of enterprises had to shut down operations permanently because of a ransomware attack.

If you are interested in the possible insurance offers and the level of vulnerability of your company to cyber threats, contact us and a team of our specialists will provide you with all necessary information about the further steps.


Bogdan Santovac


Liability & Financial Lines Specialist

T +420 778 521 276