$350,000 ransom paid as cyber crooks change tack

Digital thieves have become more brazen since the pandemic lockdown began, cyber insurance specialist Emergence says, revealing it has made a $350,000 bitcoin payment to free a client’s system from a new strain of ransomware.

Unlike previous malware, where the aim was to encrypt a victim’s data in exchange for ransom, this software stole the client’s data and locked down its IT system before an extortion demand was made.

Giving in to ransom demands is discouraged but in this incident, which involved a Queensland-based club, an exception had to be made after Emergence called in its forensic experts.

“In this particular case, the quality of the backups weren’t of the standards that were going to allow us to get that business back up and running quickly,” National Head of Sales Gerry Power told insuranceNEWS.com.au today.

“If we spend three or four months trying to remediate the data, or the data isn’t available to us, then the potential loss of profits to the business is huge.”

As the club had a cyber policy that covered loss of earnings from an incident, Emergence decided it was better not to let the matter drag on indefinitely.

“So sometimes you need to make a commercial decision,” Mr Power said. “The commercial reality suggests that we might need to pay the ransom. Each case is taken on its own merits.”

The strain of malware that was used to trap the Queensland club is increasingly common, representing a shift in tactics used by cyber crooks, according to Emergence.

“In the past, they weren’t always stealing the data. A lot of ransomware is just about locking a system down so the business can’t use it,” Mr Power said. “We’re now seeing a disturbing trend of new strains of ransomware.

“In a couple of cases that we have been working on of late, not only are they getting into the system and locking it down but what they are doing beforehand is they are actually taking the data out of the system before they lock down the system.”

Emergence Head of Underwriting & Product Development Jeff Gonlin says the extortion has become more targeted and costly. Recoveries are also taking longer to complete.

“This ugly practice has gone to new levels and with new variants,” he said.