Just when we think we have a handle on our cyber insurance, the ransomware attackers have come and stirred things up again. I’m talking about the new trend in ransomware that you may not have considered yet. It’s the data exfiltration piece.
It used to be that our cyber insurance was sized to cover the costs of a breach or ransomware attack. We figured out the cost of notifications, credit monitoring, legal fees, standing up a call center to provide information to customers and even the PR costs associated with a data breach. We have also figured out the formula for dealing with a ransomware attack, things like digital forensics, equipment replacement, offsite disaster recovery operations and even the cost of downtime was figured in to the coverage provided by our cyber insurance policies.
The problem is, the newest threats we are facing covers both areas in a single event and not many organizations have the coverage to handle both.
The Maze variant of ransomware really put the data exfiltration piece on the map, but other strains are following suit, including revisions to the big players, such as REvil and Ryuk. Recently, Ryuk has been found to employ a tool to exfiltrate some pretty specific data, including keywords that related to government and military operations.
If that isn’t bad enough, the attackers are even going after the customers of the organizations hit by the ransomware as shown in the attack against a plastic surgery clinic in Florida.
What this all means is that having good backups will no longer save you from a ransomware attack, and your current cyber insurance may leave you more exposed than you think. For this reason, talk to your insurance provider and be proactive in avoiding the infection by training your users with New-School Security Awareness Training from KnowBe4.