Ransomware Attacks Cripple Cities

March 9th, 2020 Post By :

Cyber attack coverage

Hackers are wielding their power across the globe by unleashing a rash of ransomware cyber attacks on companies, organizations, and even U.S. cities. Cyber security and Cyber insurance can work in conjuction to make companies cyber resilient.

Ransomware is a type of malware that holds your computer and data files hostage until the victim pays the demanded amount. These attacks can cripple major operating systems, leaving banks unable to process transactions, airlines unable to continue flights, and other devasting and costly ripple effects.

In the case of the City of Baltimore, Maryland, a demand for 13 bitcoin (approximately $76,000) cut-off municipal email access and crippled the home sale process by freezing access to property liens and unpaid water bills for over a month.

According to The Baltimore Sun, the unpaid ransom demand is expected to cost the city at least $18.2 million in lost and delayed revenue including property taxes, real estate fees, and some fines as well as direct costs to restore municipal computers.

As of August 2019, the city had yet to vote on an $835,000 contract to provide $20 million in cyber liability coverage through insurance carriers Chubb and AXA. Cumbre Insurance has access to both of these carriers and markets.

The time and income lost due to ransomware cyber attacks cause expensive and irreparable damage. As the Baltimore example demonstrates, denying ransom payments can cost more in damages than what hackers demand.

For those who choose to pay hackers’ demands, many do not recover their compromised data. Whether the data is not returned at all or returned in a corrupted, unusable condition, many ransomware victims lose the targeted data and are left to deal with the fallout from a data breach.

Baltimore was one of many municipal targets of ransomware in recent years. Other notable attacks include:

  • Atlanta, Georgia – A $50,000 demand in March 2018 attacked the city’s departments of human resources and corrections, municipal court, and ATL311, the city’s payment portal for water, permits, tickets, and other city services. Five months later, The Atlanta Journal-Constitution published a confidential report claiming that the unpaid ransom could cost the city $17 million dollars in damage.
  • Augusta, Maine – Rather than pay a ransomware demand for approximately $100,000, the City of Augusta rebuilt its computer system including payroll, accounts payable and receivable, motor vehicle registration, and assessing information from backup data. The rebuild caused the city to close for two days and took eight days to rebuild.  The city did not publicly release its estimated costs as a result of the rebuild, but city officials said they would pursue partial reimbursement from their insurance carrier, according to 
  • Riviera Beach, Florida – An infected email opened within its police department caused the city’s email and phone systems to fail and disabled 911 dispatch in May 2019. Within six weeks, the city council voted to pay the 65 bitcoin (approximately $650,000) ransom of which it paid a $25,000 deductible. Even after paying the ransom, city services were only partially online.
  • Lake City, Florida– In June 2019, officials voted to pay hackers $460,000 to recover email and server access after a two-week outage. The city’s insurance covered all but $10,000 of the payment.

Most security professionals advise against paying ransom for cyber attacks. Of those who choose to pay, many find that their returned files are still fully or partially encrypted as in the case of Riviera Beach.

When your organization is hit with a ransomware attack, you will be faced with the difficult decision between paying up and hoping for fully restored files and access and starting over from scratch. That’s why Cumbre Insurance stresses proactive protection and training to reduce your risk of being targeted by a ransomware attack or lessening the damage caused by an attack.

Protection and Prevention

Establishing a recovery plan is a key method of protection from ransomware. Conducting regular system backups is one of the most important steps in safeguarding your files from hackers. Typically, backup files are not initially impacted, giving you time to respond before the next backup occurs which would overwrite the saved files with the virus.

If you have an unaffected backup, you can delete the hostage files and restore the originals from your backup database. By having a data recovery plan, you can walk away from the situation without paying a ransom or investing additional time and resources to respond to the hackers.

Implementing risk management measures is also vital. Check to make sure your company has a cyber insurance policy as a part of your risk portfolio. Your business insurance broker can work with you to adjust coverage parameters to ensure you have adequate protection for your data situation. These policies are typically determined by revenue and number of records needing protection, meaning coverage and costs are based on limits and how many notifications would be triggered by a breach.

Depending on the insurance carrier, having a cyber policy gives you access to additional response and loss prevention resources. These resources may include tips on establishing a recovery plan and preparing your response if a cyber security incident does occur as well as a response team to augment your IT and public relations departments when a threat is detected. Cumbre has covered this with our 10 Ways to Prevent Cyber Attacks

Your professional liability advisor can also provide you with resources, like a cyber security planning guide and legal advice, to ensure your team understands and knows how to prepare for any cyber incident.

What Not to Do

One of the biggest mistakes companies make when a cyber attack happens is announcing the breach. To safeguard your company, always refer to a potential attack as an “incident” rather than a “breach” which often triggers another level of response, including automatic ID theft protection and monitoring of personal records.

If you are not prepared to respond to the attack, contact your business insurance broker or cyber insurance carrier immediately. Do not publicize the situation to anyone, including employees (if this can be avoided). Cyber response teams have the proper recourse to do the right things at the right time before it costs you time, money, and your brand’s reputation. It is also a good practice to have a procedure for employee conduct if the company is the target of a ransomware or other similar cyber attack. All it takes is an employee social media post or phone call to a friend stating your company’s files have been breached to set off additional, costly response measures. Emphasize to employees all potential cyber incidents are to remain completely confidential until notified by executive leadership. 

Proactive Partners

From municipalities to large corporations, no industry, size of the business, or individual is safe from ransomware, but proactive safety measures and responsive coverage can soften an attack’s impact.

As always, Cumbre Insurance is here to support your organization’s growth and security. Please contact us to discuss your specific ransomware concerns and develop appropriate prevention and coverage measures.

Stay up to date with our newsletter!

Cumbre Insurance is a proud agency partner of Acrisure, a top 10 global insurance broker. Our relationship with Acrisure allows us to provide our clients access to policies, resources, and expertise often outside the reach of stand-alone agencies. Along with competitive pricing, our service is backed by dedicated, local customer service.

Tags: , ,