Ransomware is a type of malware that denies users access to their data until a ransom is paid. It can affect any individual or organization through visiting an infected website or clicking on a suspicious email. Ransomware is powerful, and it can prevent businesses from doing anything from viewing supply spreadsheets to configuring hospital bills for patients. Payment is often made in cryptocurrency, and fees have significantly increased over the past months during the pandemic due to more people working remotely.
Insurance brokers offer insurance policies such as cyber liability to their clients, which often cover negotiating with cyber-attackers, providing digital forensics, and recovering lost data. However, the U.S. Treasury has warned cyber insurers to refrain from making ransomware payments due to sanctions risks. All affected companies are instead advised to report any ransomware attacks and cooperate with law enforcement.
Types of Ransomware Operations
The Financial Crimes Enforcement Network (FinCEN) shares a list of varying ransomware operations, including the following:
- Big Game Hunting: Big Game Hunting schemes often attack larger corporations and firms to demand increased payouts. Critical assets are targeted as such ransomware attacks become more sophisticated and frequent.
- Double Extortion: Double Extortion schemes consist of stealing essential data and then threatening enterprises that the attackers will sell or publish the confidential data unless a ransom is paid in full.
- Exploit Kits: Ransomware exploit kits can be shared or purchased among criminals who collectively offer malicious code and tools to attack businesses. An entire community of hackers contributes input, code, and illegal information on shared platforms.
- Anonymity-Enhanced Cryptocurrencies: Cybercriminals often require victims to pay ransoms via cryptocurrencies to hide financial flows and prevent tracking from taking place.
- Fileless Ransomware: Fileless ransomware uses advanced coding to evade anti-malware and antivirus programs. Its code is written into a computer’s memory rather than to files on the hard drive.
Ransomware operations continue to get more sophisticated and complex. It is imperative to be aware of and continually update safety measures.
Avoid Sanctions Violations
Insurance brokers need to be wary of cyber insurers violating sanctions by converting business funds to virtual currency, sending money to hackers, or even arranging for digital forensics to take place. This could be seen as money transmission, and brokers ought to take precautions instead.
For instance, they should ensure:
- Clients report any suspicious activities to FinCEN and OFAC (Office of Foreign Assets Control) if a transaction is affected by illegal undertakings and/or involves $5,000+ in assets. This can involve payments, transactions, and unauthorized dealings.
- A risk-based compliance program should also be implemented in companies to prevent violations from occurring. Overall, the FBI advocates against paying a ransom since cyber-attackers may not relinquish the data, can continue to violate businesses, and may advance their illicit activities.
- Refer to OFAC’s Specially Designated Nationals and Blocked Persons list (SDN List) and other sanctions lists to view how extortion should be treated. However, the identity of cyber criminals is not always known since actors can be hired to communicate between criminals and victims.
OFAC may enforce penalties for sanctions violations and hold people civilly liable even if they were not fully aware they were involved in transactions with a prohibited person listed under the sanction regulations. Hence, businesses are highly encouraged to report any ransomware demands to law enforcement as soon as the situation arises.
Cyber insurers can recommend that their clients adopt best practices across their organizations to prevent ransomware and data breaches by doing the following:
- Restrict users’ ability to install or run particular software and only allow approved programs to run.
- Set up spam filters to remove phishing emails and scan emails to detect threats.
- Add firewalls to block harmful IP addresses and never click on unsolicited emails.
- Back up data regularly and store it offline.
- Keep Remote Desktop Protocol (RDP) secured and update it with the latest operating systems.
It can be tempting for businesses to pay a ransomware demand right away since they may have time-sensitive data that needs to be processed or accessed immediately. However, it is essential for insurance brokers to mitigate risks, avoid sanctions violations, and enable clients to respond to cyber-attacks in the best way possible.
To learn more about how to respond to ransomware as an insurance broker, contact the experts at NIP Group at (800)-446-7647. Our licensed professionals will be happy to answer any questions you may have.