Ransomware Defence

Ransomware defense in 2021: How can you prevent and respond to these attacks

“Your files are encrypted. You have five days to pay the money or your files may be deleted.” This isn’t a strange message, nor farfetched. This is a common scenario that plays out constantly. By the end of 2021, ransomware attacks are expected to target global businesses every 11 seconds.

Ransomware is experiencing a meteoric rise in sophistication, frequency, and severity. As ransomware has proliferated over the past year, more than half of organizations have fallen victim to an attack. Ransomware attacks are increasing in frequency, resulting in higher operational and financial costs.

How can organizations defend themselves?

Ransomware attacks are becoming more common, and attackers now combine ransomware with data exfiltration to encourage ransom payments. Data exfiltration is the unauthorized copying or transfer of data. In Q4 alone, more than 70% of ransomware attacks involved the threat of data exfiltration. Organizations are now facing both increased ransomware attacks and the privacy implications of data theft.

Businesses have significantly increased their digital transformation efforts due to the COVID-19 pandemic. The rapid shift to remote work has made it easier for hackers to target healthcare providers, government agencies, manufacturing companies, and all other industries. What is the result? Cybercriminals are now in a fortunate position.

What is ransomware? How do they attack?

Ransomware is malware that blocks access to data or systems until a ransom is paid. Attackers use a variety of techniques to encrypt a victim’s files and make them impossible to open. The attacker then provides instructions and requests a fee (aka, the ransom) in cryptocurrency from the victim, dangling a carrot in the form of a decryption key to unlock the encrypted data. It is uncertain whether the victim will pay or not.

Cybercriminals are the most frequent perpetrators of ransomware. Cybercriminals use ransomware attacks to gain economic advantage. Ransomware toolkits are easily available on the dark web (think RaaS, Ransomware as a Service), which allows even less skilled cybercriminals to execute ransomware attacks for a profit. The ease with which attackers can execute ransomware attacks also contributes to its continued growth, notes the 2020 Data Breach Investigations Report.

Are you concerned about the safety of your organization?

Ransomware attacks can affect individuals and businesses in all industries. Small and medium-sized businesses remain popular targets, representing 62% of incidents (Beazley 2020 Breach Briefing). However, 38% of ransomware attacks target the middle market (defined as over $35 million in annual revenues). Ransomware can affect all industries, but some are more vulnerable than others. Healthcare, professional services, and financial services alone account for more than half of ransomware incidents. Sensitive patient data is a common target of ransomware attacks in the healthcare sector.

What are the most effective ransomware defense strategies?

Ransomware attacks can cause serious damage. While a ransomware attack can’t be predicted, businesses can prepare for it. Preparation is key. Companies should plan how they will handle a ransomware attack before, during, and after it.

It is crucial to:

  • Learn your options.
  • Establish internal policies and guidelines.
  • Learn about regulatory implications and possible sanctions.
  • Get board approval.
  • Learn how insurance can be leveraged to its full potential.
  • Get legal advice.
  • Engage outside expertise.
  • Learn how to open a cryptocurrency account.

Concentrate on the following:

  • Minimize exposure and maximize backup.
  • Get vendor and insurance expertise.
  • Follow both your internal and external guidance.
  • Decide whether you want to pay the ransom. Consider what to do after a ransomware attack.

Consider these steps after a ransomware attack:

  • Keep internal guidance up to date.
  • Get outside expertise.
  • Recognize and correct weaknesses.
  • Review backup strategy.

Is there a solution to ransomware?

Our complete ransomware offering includes cyber risk management and insurance. This includes:

Ransomware Alert: How would your organization perform in a ransomware attack? This simple assessment provides insight into your ransomware readiness. The assessment provides numerical scores and benchmarks based on de-identified Marsh data. It also includes executive-level reports that provide findings. Organizations are assessed on ransomware-specific preparedness indicators. They include employee awareness and backup procedures, as well as technical controls.

Ransomware Insights: What is my ransomware risk profile? This service gives clients insight to better understand, measure, and manage ransomware business risks. It models possible attack severity and pinpoints vulnerabilities. Additionally, it identifies areas for improvement in insurance underwriting. This analysis includes historical and current ransomware incidents. Clients have access to thought leadership resources, can review potential vendors, and can browse best practices all from one location.

Planned Response to Ransomware Incidents: Are you familiar with ransomware and have you prepared a comprehensive incident response plan? It is crucial to create a comprehensive incident management plan to enable organizations to respond to, recover from, and prepare for ransomware incidents. This offering includes the identification of key stakeholders and their roles/responsibilities; development of response guidelines, procedures, and processes; establishment of event tracking; execution of detailed tabletop exercises; analysis of the financial impact of a ransomware incident; and identification and assessment of vulnerabilities in the plan itself. We can work with you to develop and implement a program for sanctions compliance.

Cyber Insurance: Have your cyber policies been reviewed? Marsh can assist in the design of a cyber insurance program that covers ransom payments and related costs. A cyber policy may include support for preparation and response (such as employee training, incident response planning, legal and forensics, breach notification services, etc.) as well as protection for balance sheets for first- or third-party liabilities (lost revenue, extra expenses, regulatory penalties, data restoration and repair, reputational damage, and regulatory fines and sanctions).

Our cyber risk specialists and insurance specialists can help you prepare for ransomware attacks in advance by helping to assess your readiness and create a comprehensive response plan. We can help you create a cyber policy that covers ransomware and other technology risks.

Ransomware can seem overwhelming. We understand how confusing it can be to know the best way to respond. We have helped clients in a variety of industries prepare for the unexpected.

Although we believe the information in this document is accurate, we cannot guarantee its accuracy. Marsh does not make any representations or warranties regarding the application of policy words or the financial condition, solvency, or ability to pay for reinsurers or insurers. This publication contains only a summary of the topics covered and is not meant to be used as advice for any particular situation. Statements regarding tax and/or other legal issues should be understood as general observations, based only on our experience as risk consultants and insurance brokers. They should not be regarded as legal or tax advice. For specific coverage or other concerns, insureds should consult their qualified tax and/or legal advisors.