Last month, Norwegian-based Norsk Hydro, among the world’s largest aluminum producers, revealed that one of its key units was the target of a ransomware attack resulting in its ability to operate only at 50% capacity and causing production outages in operations across Europe and the U.S. The Norwegian National Security Authority (NSM), the state agency in charge of cyber security, said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware, which encrypts computer files and demands payment to unlock them. The company did not plan to pay the hackers to restore files and would instead seek to restore its systems from backup servers.
Ransomware involves a rogue agent leveraging malicious software in a company’s computer systems to render the devices useless – unless the ransom is paid to unlock the data. The WannaCry attack in 2017 was the most infamous example of ransomware, affecting an estimated 200,000 of the world’s computers. The cyber criminals began a seven-day countdown to the destruction of data if victims didn’t pay $300 in Bitcoin within 72 hours. Refusal to pay after seven days would result in the permanent loss of data via irrevocable encryption according to the threat. Institutions affected included the U.K.’s National Health Service, FedEx Corp., and PetroChina. In March 2018, the city of Atlanta was hit with a ransomware attack, crippling its computer systems and causing millions of dollars in losses.
This latest cyber attack against Norsk Hydro underscores the continued use of ransomware against firms for financial gain. It’s important to note that all entities that perform services or rely on Internet systems to do business are vulnerable to ransomware attacks, whether that be e-commerce, financial services, government or professional services firms.
As a result of this ongoing exposure, it’s key that businesses prepare for and prevent ransomware attacks. One important strategy component in preparing for a potential attack is developing a robust backup strategy and making regular backups. This goes beyond having real-time backup or file synch, which will just back up encrypted files. A robust backup process will roll back a few days [to before the ransomware infection], and restore local and server apps and data. Businesses should consider a tiered or distributed backup solution that keeps several copies of backup files in different locations and on different media (so an infected node doesn't immediately have access to both current file repositories and backup archives).
Prevention is key as well. Employees should be trained to recognize social engineering techniques, avoid click bait, and never open an attachment from someone they don't know. Attachments from people they know should be viewed and opened with caution. Email attachments are the number-one risk for infection, drive-by downloads are number two, and malicious links in email are number three. Humans play a significant factor in getting infected with ransomware.
In addition, having a Cyber insurance policy that addresses ransomware or cyber extortion is critical. Losses in a Cyber policy that can be expected following a ransomware attack fall into several categories, including payment for the extortion demand, business interruption, and the costs associated with removing infections from machines and recovering data that the ransomware makes inaccessible.
RPS offers a number of Cyber insurance solutions for diverse industries, including healthcare, non-profits, schools, public entities, professional services, retail and hospitality. Collaborating with RPS gives you access to a wide range of coverage, as well as experts who specialize in handling cyber risk in every aspect. For clients with less than $100 million in revenue, you can get a quote for Cyber in about 60 seconds on the RPS e-Commerce platform by completing a short and simple 4-question application. For larger businesses, please contact your RPS Executive Lines professional.