Insurance company which provided ransomware protection got infected with it; $1M USD paid to hackers

Ransomware incidents keep attracting the attention of the cybersecurity community. A few days ago, a Canadian insurance firm revealed that last October it temporarily disabled all of its computers after detecting a ransomware attack, for which it had to pay nearly $1 million USD to hackers. The incident was not revealed at the time; it has come to light now because of the company’s efforts to claim the ransom.

It appears that this Canadian insurer has an agreement with another insurance company, based in the UK, which has brought a case before a British court over the economic loss arising from this incident. The British company offers insurance services in case of cyberattacks. The names of both companies have been concealed in the lawsuit filed.

Simon Bryan, the judge in charge of the case, ruled that the hacker or hackers behind the attack somehow managed to infiltrate the networks of the affected company, bypassing cybersecurity measures such as the firewall. After gaining access, they began to lock the files on the company’s servers and desktop machines, leaving a ransom note.

“Your network has been hacked and encrypted. There is no free software available on the web to unlock your systems. Send us an email to pay the ransom. Keep this contact safe; disclosing this information will lead to the permanent loss of your information,” reads the note left by the attackers.

The affected company hired an expert in ransomware incident handling, who recommended negotiating with the attackers; in the end, the insurance company agreed to a payment of 109.25 Bitcoin (about $950k USD, according to the current exchange rate). The original amount demanded by the hackers was more than $1 million USD in Bitcoin. After five days of maintaining some limited operations, the company completed the recovery of all of its systems.

Although the incident was dealt with relatively successfully, the company did not stand by and hired a cybersecurity firm to track the Bitcoin transaction. Although the hackers had time to exchange Bitcoin for other cryptocurrencies, the researchers managed to reach the original Bitcoin address, and a lawsuit is being pursued against the address owner and the cryptocurrency exchange platform.

Although there is no way to fully prevent a ransomware attack, the International Institute of Cyber Security (IICS) recommends training employees in all areas of an organization to recognize potential cybersecurity threats, limiting administrator privileges on machines that don’t require them, and creating security backups.