Are Insurers Both Fuelling and Benefitting from Ransomware Attacks ?
Posted on the 06 September 2019 by Sampathkumar Sampath
Ransom is the practice of holding a prisoner or item to extort
money or property to secure their release, or it may refer to the sum of money
involved. We have seen kidnap and ransom in many movies – money would be taken
in a black suitcase and sometimes fight would ensue .. .. .. ever heard or
imaginedof Insurers paying ransom money
as preventive measure !!!
LAPD SWAT officers Jack Traven and Harry Temple thwart an attempt
to hold an elevator full of people for a $3 million ransom by an extortionist
bomber, who is later identified as Howard Payne. As they corner Payne, he holds
Harry hostage. Jack intentionally shoots Harry in the leg, forcing the bomber
to release Harry. Sometime later, Jack witnesses a mass transit bus explode,
killing its driver. Payne, still alive, contacts Jack on a payphone, explaining
that a similar bomb is rigged on another bus. The bomb will arm once the bus
reaches 50 miles per hour (80 km/h) and detonate when it drops below fifty. The
bomber demands a larger ransom of $3.7 million and threatens to detonate the
bus if the passengers are offloaded. ~very
interesting plot of ‘Speed’ American action movie released in 1994 directed by
Jan de Bont, starring Keanu Reeves,
Dennis Hopper, Sandra Bullock, Joe Morton, and Jeff Daniels.
We have seen kidnapping and ransom amount being asked in Tamil
movies too .. .. but that ghastly incident of 1978 sent shockwaves across the
Nation - Geeta
Chopra aged 16 and her brother Sanjay aged 14 were on their way to participate
in a radio program on August 26, 1978. It was drizzling and so the two accepted
lift from a car. Kuljeet Singh (alias Ranga Kush) and Jasbir Singh (alias
Billa) supposed that the children were from a rich family and in their greed of
money, they kidnapped them. When the kidnappers came to know that their father
was a naval officer, they thought of losing their chance to earn big money. So
they killed the boy and raped his sister before killing her. .. .. and Tamil tinseldom had movies titled after these criminals
(Billa&Ranga – Rajnikantstarrers !)
Hackers infecting the computer systems of the city of New
Bedford, Massachusetts, with ransomware wouldn't settle for anything less that
than $5.3 million to decrypt the data. The ransom was too high and they got a
big fat nothing in return.The attack reportedly occurred on Friday, July 5, before
working hours, and details remained unknown at the time as cybersecurity
consultants "strongly advised" against providing information about
the attack.
Computer crime, or cybercrime, is crime that involves a computer
in any form and a network. The computer may have been used in the commission of
a crime, or it may be the target.Such
crimes may harm Nations financially as also its security.There are also problems of privacy when
confidential information is intercepted or disclosed, lawfully or otherwise.
There are varied estimates on the value of loss caused by cyber crimes – with
solutions few and far between.Most
measures show that the problem of cybercrime continues to worsen.There is insurance too, protecting against
monetary losses caused by cyber crimes.
“Computer
Attack” means any malicious or unauthorised electronic attack including but not
limited to any fraudulent electronic signature, brute force attack, phishing,
denial of service attack, that has been initiated by any Third Party or by any
Employee. “Computer Security” means hardware, software or firmware whose
function or purpose is to prevent a Computer Attack or Computer Virus from damaging,
destroying, corrupting, overloading, circumventing or impairing the
functionality of computer systems, software and ancillary equipment of a Third
Party. “Computer Virus” means any program or code that is designed to cause
loss or damage to a computer system or any part and/or which prevents or impairs
a computer system or any part from performing and/or functioning accurately and
properly ~ and there is data security breach which would mean the failure of
computer security arising from a breach that can include transmission of a
computer virus, data protection breach and the like.
Read this interesting article in Gizmodo titled – ‘Ransomware
Attackers and Insurance Companies Are Forming a Human Centipede of Profits’.Ransomware
incidents—cyber attacks in which bad actors demand payment in exchange for
encrypted files—are a frighteningly common fixture of our modern era. But more
troubling is that the number of attacks may be hiking due, in part, to the
insurance companies tasked to deal with the fallout in the event of such crime,
according to a new report.
ProPublica
this week published an investigation into insurers who deal in the booming
business of covering cybersecurity incidents and how they handle claims. The
report claims that the companies prefer to fork over the tens or even hundreds
of thousands of dollars in ransom—ostensibly to minimize the detriment to the
affected party, as damages from such an attack can add up to multi-million
dollar hits. But according to ProPublica, insurance
companies are “both fueling and benefiting from” ransomware attacks by opting
to pay ransoms, in some cases “even when alternatives such as saved
backup files may be available,” as the outlet previously reported in May.
Ransomware
incidents can throw a wrench into the day-to-day business operations of
targeted municipalities and businesses. However, the report cited lengthy and
costly recovery of backup files—in cases where such data is available—as a
motive for insurers to acquiesce to the demands of bad actors behind the
attacks. File recovery, ProPublica reported, can add up if an insurer needs to
cover costs like overtime for employees or public relations efforts to deal
with the aftermath of an attack, among other expenses.But successful ransomware schemes—that is, those that are
able to elicit payment from victims—only help fuel more ransomware incidents.
As the report noted, both the government and cybersecurity experts advise
against paying ransoms for stolen data for many reasons, foremost because
including that paying up doesn’t necessarily resolve the issue.
Fabian
Wosar, CTO for virus protection company Emsisoft, told ProPublica that
cybercrime insurance “is what’s keeping ransomware alive today. It’s a
perverted relationship. They will pay anything, as long as it is cheaper than
the loss of revenue they have to cover otherwise.”The cost of managing the aftermath of a
ransomware attack can be huge. It was reported in June that the cost to the
city of Baltimore after it refused to pay hackers 13 bitcoin was somewhere in
the neighbourhood of $18 million, with the possibility of additional costs over
time. The Baltimore Sun reported Wednesday that the city voted to transfer $6
million from a parks and facilities fund to help cover the costs to the city.
Howsoever cost efficient it could be – Insurer agreeing to make
a legal payment to ransomware threat does not gel well!
With
regards – S. Sampathkumar
6th
Sept 2019
Info
excerpted from:https://gizmodo.com/ransomware-attackers-and-insurance-companies-are-formin-1837665669