What Cyber Insurers Should Know About the Federal Ransomware Advisories
As the COVID-19 pandemic and the switch to remote work have highlighted cyber risks and drawn attention to the various methods cyber attackers are using, ransomware has continued to steal the spotlight.
Ransomware is a type of malicious software that is designed to block access to a computer system until a ransom is paid, and these attacks have increased in severity and frequency in the past year alone.
From the Insuring Cyber Podcast archives
In October 2020, the U.S. Treasury Department issued a warning that individuals or businesses, including cyber insurers, that help facilitate ransomware payments could be violating anti-money laundering and sanctions regulations.
The warnings came in a pair of advisories, one from the Financial Crimes Enforcement Network (FinCEN) and the other from the Office of Foreign Assets Control (OFAC). The advisories came as the FBI and Homeland Security officials also warned in October that Eastern European criminals are increasingly targeting U.S. hospitals with ransomware, and urged healthcare facilities to beef up their preparations.
“[The advisories] are going to create potential exposures and potential costs that arguably were not there before,” said Josh Mooney, chief privacy officer at Philadelphia-headquartered law firm White and Williams LLP, in this episode of the Insuring Cyber Podcast. “Cyber carriers are now going to have to take a look at what are some additional liabilities out there? And are they going to run afoul with U.S. law if they honor the obligations they have under their policies to help pay for a ransom caused by a ransomware attack?”
In particular, he added that these advisories will almost certainly add a further layer of cost and potential liability for carriers and forensic firms, on top of the already growing frequency and sophistication of these attacks.
“Ransomware attacks that we’re dealing with today are very different than the ransomware attacks that we addressed and saw even as recently as 12, 14 months ago,” he said. “Before, again, as recently as a year, year and a half ago, the typical ransomware demand would be maybe in the five or six figures. Now, many of them start in seven or even eight figures.”
Ransomware has become so common that it’s actually turned into somewhat of a business model, according to Michael Carr, head of underwriting at insurance provider Coalition. He explains in this Insuring Cyber Podcast episode that there are groups – sometimes referred to as Ransomware as a Service, or RaaS – that establish footholds on companies’ networks and periodically sell that access to other groups who will drop malicious software on those networks and seek a ransom.
“So it is a situation where there’s the potential that you can be a victim more than once if you don’t properly recover from the first attack,” Carr said.
With this in mind, Carr urged victims of ransomware attacks to act quickly and work with their cyber insurers to respond.
“This is a situation where the first thing I would say is for Ghostbusters fans, who are you going to call if the incident occurs?” he said. “So is your cyber insurer going to have somebody on the other end of the phone line who can actually quickly engage all of the right resources, legal forensics, etc., to respond to the attack? Because generally speaking, the longer it takes to respond, the more expensive these things can become.”
Check out this episode of the Insuring Cyber Podcast to see what else Michael and Josh had to say and be sure to tune in every other Wednesday for new episodes published along with the Insuring Cyber newsletter.