What Cyber Insurers Need To Know About The Federal Ransomware Advisory


As the COVID-19 pandemic and the shift to remote working have exposed cyber risks and highlighted the different methods used by cyber attackers, ransomware continues to dominate the limelight.

Ransomware is a type of malware designed to block access to a computer system until a ransom is paid, and these attacks have only increased in severity and frequency in the last year.

In October 2020, the US Department of the Treasury warned that individuals or companies, including cyber insurers, that help facilitate ransomware payments could violate anti-money laundering regulations and sanctions.

The warnings came in two advisories, one from the Financial Crimes Enforcement Network (FinCEN) and the other from the Office of Foreign Assets Control (OFAC). The advisories came as FBI and Homeland Security officials also warned in October that criminals in Eastern Europe were increasingly targeting American hospitals with ransomware, urging healthcare facilities to speed up preparations.

"[Feedback] will create potential exposures and potential costs that probably didn't exist before," Josh Mooney, chief privacy officer at the Philadelphia-based law firm White and Williams LLP, said on this episode of the Insuring Cyber Podcast. "Cyber carriers will now need to consider what additional obligations exist. And will they violate US law if they meet their obligations under their policy to help pay the ransom caused by a ransomware attack?"

In particular, he added that such advice would almost certainly add another layer of potential cost and liability for forensic business operators, on top of the already greater spread and sophistication of these attacks.

"The ransomware attacks we face today are very different from the ransomware attacks we fought and saw 12, 14 months ago," he said. "Back then, again, just a year and a half ago, typical demand for ransomware could be anywhere from five to six figures. Now many of them start with seven or even eight digits."

Ransomware has become so common that it has in fact become a business model, said Michael Carr, chief insurance officer at Coalition insurance company. He explains in this episode of the Insuring Cyber Podcast that there are groups, sometimes referred to as ransomware as a service or RaaS, that gain a foothold in corporate networks and periodically sell access to other groups that sell malicious software in these networks and demand a ransom.

"So this is a situation where there is a chance that you will become a victim more than once if you don't recover properly from the first attack," Carr said.

With that in mind, Carr urged victims of ransomware attacks to act quickly and work with their cyber insurers to respond.

"This is a situation where the first thing I would say to Ghostbusters fans is who are they going to call when the incident happens?" he said. "Will your cyber insurer have someone on the other end of the phone line who can quickly call all the appropriate resources, forensics, etc., to respond to the attack? Because generally the longer it takes to respond, the more expensive these things can get."

Watch this episode of the Insuring Cyber podcast to see what Michael and Josh had to say, and tune in every Wednesday for new episodes that will be released with the Insuring Cyber newsletter.
