This month’s WannaCry ransomware attack is the latest example of how these targeted attacks can cripple operating systems, with the bitcoin payments the price for alleged relief.
In the attack, the WannaCry ransomware computer worm targeted the Microsoft Windows operating system, infecting more than 230,000 computers in 150 companies. The ransomware was allegedly spread through phishing emails. As in other ransomware attacks, the invading software locked users out of their data and demanded a payment in exchange for the restoration of files.
As ransomware attacks multiply and grow in seriousness, it is worth reviewing how companies can prepare for and protect themselves against this significant threat. As Paul Bond and Kimberly Chow’s March 7, 2017, article in Corporate Counsel suggests, ransomware attacks in 2017 are similar to data security breaches a decade ago: a known risk, drawing class-action litigation, for which a plan is needed. Notably, when it comes to ransomware, companies face the choice of whether to pay the criminal, which may or may not end with the return of data, or to refuse payment, which risks operational and reputational losses.
For tips on developing a ransomware response plan, check out Paul Bond and Kimberly Chow’s article: http://www.corpcounsel.com/id=1202780776545/What-Should-Be-in-Your-Ransomware-Response-Plan?slreturn=20170416120602
Companies should also consider cyber insurance to protect themselves in the event that a ransomware or other cyberattack occurs. Cyber policies may provide specific coverage for such events, including amounts paid to the perpetrator to terminate a threat, as well as investigation costs to determine the cause of a security breach. Not all cyber insurance policies are the same, and as the market continues to mature and evolve, companies should be aware of the scope of available coverage, and should seek assistance when evaluating and negotiating new or renewal policies to ensure they obtain the most comprehensive coverage available to fit their needs. For assistance regarding cyber insurance, contact David Weiss or Cristina Shea in our Insurance Recovery Group, or any other member of the group with whom you regularly work.