From a cyber perspective, there are only two types of companies: those that have been hacked and those that will be hacked.

When an agricultural producer gets hit by a ransomware attack, the attack comes close to collapsing its business. The last two years of our lives will forever be marked as the years hardest hit by the global COVID-19 pandemic. But this period has also brought us other threats, namely a digital pandemic in the form of a rise in ransomware cyber-attacks.

What is Ransomware?

It was an ordinary morning for an agricultural company that is one of the main producers of dairy products in the region. The director of the company arrived, as usual, some time before the workers came to the factory, turned on his business laptop and noticed a disturbing message: “You are under ransomware attack, please follow the link for further steps.”

Ransomware is a type of malicious software or encryption program, placed by a hacker, that works by encrypting data on a network. To regain access to the data, the victim is asked to pay a ransom in exchange for a decryption key. Some research (Coveware) shows that a minority of companies that choose the ransom payment route end up being forced to make additional payments or never get access to their data.

Ransomware attacks have been one of the most common threats in the last couple of years. Business interruption periods increased from an average of 15 days (2020) to an average of 23 days (2021). It should also be noted that business interruption costs are sometimes as high as the ransom payment, or even exceed it. IBM’s 2020 Cost of Data Breach Report shows that it took around 280 days to even identify a breach in a system, which gives an insight into the ability of hackers to move stealthily and silently through a victim’s system.

Cognyte, the security analytics agency, claims that the Manufacturing and Financial Services industries are the leading targets for ransomware, followed by the Transportation, Technology, and Legal and Human Resources industries. Some examples are:

  • In 2016, Delta Airlines faced a major network outage that lasted for five hours and cost the company 150 million USD.
  • In October 2016, there was a DDoS attack on Dyn, a company that administers a major element of the web, that took down widely used websites such as PayPal, Twitter, Netflix, Amazon, and others.
  • In 2017, Maersk, a Danish shipping company, faced a cyber-attack that disrupted operations for two weeks, resulting in a loss of about 300 million USD.

Weak point RDP

According to the UK security company Sophos, one of the most prominent ways in for attackers is the widespread use of Remote Desktop Protocol (RDP). RDP is a protocol that allows remote users to connect to the desktop of another computer via a network connection. It is usually used by organizations to give employees access to their networks while they are working remotely. If the port an organization uses for RDP access is exposed directly to the internet, it is easy for malicious actors to find it and then attempt to gain access to the organization’s computer systems.

After the hackers gain access to the system, the next step is to break into the organization's local administrator account. This means that the attackers use a computer program that tries to crack the password by attempting various password combinations in quick succession. The longer and more complex the password, the more difficult it is for hackers to crack. Unfortunately, in our case, the local administrator's account had a weak password. Additionally, the absence of multi-factor authentication (MFA) for RDP access allowed the hacker to gain access to the organization’s network without having to go through a second verification procedure, such as entering a verification code.
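The password-guessing pattern described above shows up in the Windows Security log as a burst of failed logons (event 4625) against one account, followed in the worst case by a successful logon (event 4624). A detection sketch for that pattern, added here as an example and not part of the original article; the simplified record layout, the sample events, the threshold and the time window are all assumptions:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); with Network Level Authentication
# enabled, failed RDP logons are commonly recorded as type 3 (Network).
FAILED, SUCCESS = 4625, 4624
RDP_LOGON_TYPES = {3, 10}

def _ev(ts, event_id, user, ip, logon_type=10):
    """Build one simplified event record (assumed layout, not a real export)."""
    return {"time": datetime.fromisoformat(ts), "id": event_id,
            "user": user, "ip": ip, "type": logon_type}

# Constructed sample events; IP addresses are from documentation ranges.
SAMPLE_EVENTS = (
    [_ev(f"2021-06-01T03:10:{s:02d}", FAILED, "Administrator", "203.0.113.50")
     for s in range(0, 40, 2)]                      # 20 failures in 40 seconds
    + [_ev("2021-06-01T03:10:41", SUCCESS, "Administrator", "203.0.113.50")]
    + [_ev("2021-06-01T08:00:00", FAILED, "j.doe", "198.51.100.7"),
       _ev("2021-06-01T08:00:20", SUCCESS, "j.doe", "198.51.100.7")]  # one typo
)

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Alert on (source IP, account) pairs with >= threshold failed logons
    inside the window, and flag whether a successful logon followed."""
    recent = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] not in RDP_LOGON_TYPES:
            continue
        key = (ev["ip"], ev["user"])
        q = recent[key]
        while q and ev["time"] - q[0] > window:     # expire old failures
            q.popleft()
        if ev["id"] == FAILED:
            q.append(ev["time"])
            if len(q) >= threshold:
                a = alerts.setdefault(key, {"ip": ev["ip"], "user": ev["user"],
                                            "failures": 0, "compromised": False})
                a["failures"] = max(a["failures"], len(q))
        elif ev["id"] == SUCCESS and len(q) >= threshold:
            alerts[key]["compromised"] = True       # a guess worked after the burst
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert with `compromised` set is the case in this story: the weak administrator password was guessed and, without MFA, the logon went through.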

Production was blocked and, unfortunately, the company did not have an offline backup on external storage that could be used to restore its data. After activating the business incident plan and engaging the external incident response team, the company decided that a ransom would be paid. After the payment was made and the decryption key received, the recovery started. As the whole process was time-consuming, it took around 14 days for the system to be fully recovered.

The benefits of cyber insurance

Because it had a cyber insurance policy, the company was able to carry out the whole process of data recovery and ransom payment with highly skilled IT professionals. The costs covered for this cyber-attack were the above-mentioned ransom payment, business interruption losses, business incident response, forensic investigation costs, crisis PR, privacy liability, and compliance with the data protection regulatory bodies (GDPR) within the legally regulated time.

Some important statistics (Indusface)

  • Organizations saw a record 225% increase in losses from ransomware attacks in 2020;
  • 53% of attacked businesses stated that their brand and reputation were damaged after a successful attack;
  • Around 26% of enterprises had to shut down operations permanently because of a ransomware attack.

From a cyber perspective, there are only two types of companies: those that have been hacked and those that will be hacked.

If you are interested in possible insurance offers and the level of vulnerability of your company to cyber threats, contact us and our team of specialists will provide you with all the necessary information about further steps.

Stephan Eberlein, GreCo Group Practice Leader Financial Lines

T +43 664 962 40 60