Hello [insured customer] your network was hacked and encrypted. No free decryption software is available on the web. Email us at […] to get the ransom amount. Keep our contact safe. Disclosure can lead to impossibility of decryption. Please use your company name as the email subject.
The Canadian insurance company was insured by an English insurance company against digital crime at the time of the attack. This English firm instructed an incident response company to negotiate on its customer's behalf with the attackers who had posted the ransom demand. Through these negotiations, the parties eventually agreed to a deal in which the English insurance company sent 109.25 bitcoin (worth approximately 1,017,500 USD at the time of writing) to the attackers. Those individuals, in turn, sent over a decryption tool that the Canadian insurance company used to restore its systems. It took the company five days to restore 20 servers and 10 days to recover 1,000 desktop computers.
The cyber security industry needs to adopt a guiding set of principles, such as the Top 20 Critical Security Controls from the Centre for Internet Security, so that there can be a consistent measure to identify if organizations are, in fact, deploying adequate cybersecurity controls. Many organizations fail to invest an adequate amount of people, process, and technology to their cybersecurity programs which results in large scale data breaches and ransomware attacks. Organizations will be attacked. However, with adequate controls, the attacks can be contained and damage minimized. In this incident, the cyber insurance covered the cost of the ransomware payment, but there are still additional costs to be considered by the organization, such as customer identity protection, brand reputation, share price, etc.
Lastly, Khimji highlighted the importance of organizations having regular offline backups as a means to quickly recover their systems in the event of a ransomware attack. Organizations can further protect themselves by following these ransomware prevention tips.