Insurance company which provided ransomware protection got infected with it; $1M USD paid to hackers
Ransomware incidents keep attracting the attention of the cybersecurity community. A few days ago, a Canadian insurance firm revealed that, last October, it temporarily disabled all of its computers after detecting a ransomware attack, for which it had to pay nearly $1 million USD to hackers. The incident was not revealed at the time; it has now been made public due to the company’s efforts to claim the ransom.
It appears that this Canadian insurer has an agreement with another UK-based insurance company that has brought a case before a British court due to the economic loss arising from this incident. The British company offers insurance services in case of cyberattacks. The names of both companies have been concealed in the lawsuit filed.
Simon Bryan, the judge in charge of the case, ruled that the hacker or hackers behind the attack somehow managed to infiltrate the networks of the affected company, bypassing cybersecurity measures such as the firewall. After gaining access, they began to lock the files on the company’s servers and desktop machines, leaving a ransom note.
“Your network has been hacked and encrypted. There is no free software available on the web to unlock your systems. Send us an email to pay the ransom. Keep this contact safe; disclosing this information will lead to the permanent loss of your information,” reads the note left by the attackers.
The affected company hired an expert in ransomware incident handling, who recommended negotiating with the attackers; in the end, the insurance company agreed to a payment of 109.25 Bitcoin (about $950k USD, according to the current exchange rate). The original amount demanded by the hackers was more than $1 million USD in Bitcoin. After five days of maintaining some limited operations, the company completed the recovery of all of its systems.
Although the incident was dealt with relatively successfully, the company did not stand by and hired a cybersecurity firm to track the Bitcoin transaction. Although the hackers had time to exchange Bitcoin for other cryptocurrencies, the researchers managed to reach the original Bitcoin address, pursuing a lawsuit against the address owner and the cryptocurrency
Although there is no way to fully prevent a ransomware attack, the International Institute of Cyber Security (IICS) recommends training employees in all areas of an organization to recognize potential cybersecurity threats, restricting administrator privileges on machines that do not require them, and creating security backups.