View or download pdf
Recently, well-publicized ransomware incidents have targeted government entities, hospital systems, school districts, and financial institutions. While the threat of ransomware is nothing new, we are learning of alarming trends suggesting attacks are evolving to become more disruptive and payment demands more consequential than previously known. Ransomware is no longer simply a nuisance; attacks are rendering businesses inoperable, significantly eroding public confidence, and costing businesses millions to remediate.
Ransomware attacks typically begin with a targeted email message containing malicious software. Once introduced, the malware spreads throughout the network, encrypting documents or files and rendering them inaccessible until a ransom is paid by the victim.
In the past, these attacks normally targeted specific documents or files. Today, however, the attacks are creating havoc by infiltrating entire operating systems; deleting onsite backups; and exfiltrating sensitive data, with threat actors threatening to publish confidential information if their demands are not met. As these criminals become more emboldened, they are seeking larger ransom payments, now easily reaching seven figures.
In one recent incident, a bank was shut down for several days after numerous systems in its environment were attacked, including its core operating system, online banking platform, and telephones. The extortionists demanded a ransom in excess of $1,000,000.
The increasing frequency of attacks has garnered the attention of the U.S. Treasury’s Office of Foreign Assets Control. An advisory issued in early October 2020 provides some background on attacks, identifies several known malicious actors, and suggests a risk-based compliance program to mitigate exposure. The advisory also warns victims can be fined if they pay ransom to groups that are under economic sanctions. A similar advisory was issued by the Financial Crimes Enforcement Network.
Experts continue to suggest common-sense security measures are the best first step in protecting your institution. These recommendations include:
- Training employees to recognize suspicious emails and attachments
- Keeping antivirus and anti-malware software up to date
- Ongoing, regularly scheduled offsite (cloud based) backups that are not connected to the networks being backed up
- Refining incident response and business continuity plans to reflect today’s threat environment
There are emerging technology solutions available to help fortify your defenses against malware. A number of providers offer solutions that monitor entry points and network workflow to detect threats. The tools capture and analyze big data across many channels and use machine learning to continuously refine their algorithms to predict and prevent both novel and known variants of malware. The detection and response capabilities work in real time and are significantly more effective in thwarting threats from ransomware and other novel malware than off-the-shelf antivirus software.
As the frequency and severity of ransomware attacks continue to increase, it is critical that institutions evaluate the security measures they have in place and implement/update security measures to keep a step ahead of potential threats.
The claims scenario in this material is provided to illustrate a possible exposure faced by you or your clients. The facts of any situation which may actually arise, and the terms, conditions, exclusions, and limitations in any policy in effect at that time, are unique. Thus, no representation is made that any specific insurance coverage applies to the claims scenario. This information provides guidance and is not intended as a legal interpretation of any federal, state or local laws, rules or regulations. ABA Insurance Services Inc. (“ABAIS”) does not warrant that all potential hazards or conditions have been evaluated or can be controlled. The liability of ABAIS and its affiliates is limited to the terms, limits and conditions of the insurance policies issued by ABAIS. 102020.SA12 © ABA Insurance Services Inc., dba Cabins Insurance Services in CA, ABA Insurance Services of Kentucky Inc. in KY, and ABA Insurance Agency Inc. in MI, 3401 Tuttle Rd., Suite 300, Shaker Heights, OH 44122. CA license #0G63200