We expect to see some wicked creatures during the month of October. But what about the ones you don't see coming online? October is National Cyber Security Awareness Month. It was created by the National Cyber Security Alliance & the U.S. Department of Homeland Security in 2004. One of the most pressing cyber threats to all businesses and organizations is ransomware. Making headlines worldwide in 2017, attacks such as WannaCry and Petya have claimed healthcare systems, financial institutions, pharmaceutical companies, and logistics firms as some of their many victims. Ransomware is simply a type of malware (malicious software) which encrypts critical data and applications, rendering an organization's computer system completely unusable and bringing operations to a standstill. The financial impact can be substantial for large companies, but even more devastating for small businesses and non-profits - which are often the most vulnerable to begin with.

Most commonly transmitted through malicious emails or by directly exploiting vulnerabilities in applications and operating systems, most variants of the malware can quickly spread throughout a corporate network, making them difficult to contain. The attack motivations are usually monetary or political, with the growing proliferation of "ransomware-as-a-service" making hacking kits readily available to amateur criminals anywhere. Extortion demands can range from several hundred dollars to tens of thousands of dollars and payment is often requested in cryptocurrency (such as bitcoin) as a way to mask the identity of the perpetrators. Companies often feel they have little choice but to pay the ransom, obtain the decryption key, and hope to quickly restore access to their files.

Fortunately, there are a few basic steps that all organizations can take to plan for and mitigate the risk and impact of ransomware:

1) Plan Ahead

Working with their internal IT teams or outsourced service providers, companies should develop a process to regularly back up critical data and test the backup recovery process to minimize downtime in the event of a disruptive cyberattack. Putting together an incident response plan that contemplates ransomware is also an effective risk management strategy.

2) Patch and Update

Because ransomware and other types of malware often exploit known vulnerabilities in commonly used software and operating systems, it is crucial to use current and supported versions of these applications, and regularly apply the latest security patches to ensure they are protected.

3) Respond Quickly

Cyber insurance policyholders should contact their carrier as soon as ransomware is discovered. PHLY works with the country's top attorneys and forensic experts to contain threats and restore access to critical systems as quickly as possible.

Additional Resources
All PHLY Cyber policyholders receive complimentary access to the eRiskHub, our online cyber risk management portal. Access information can be found in your policy, or by contacting your agent or broker.

Written by Evan Fenaroli, Product Manager at Philadelphia Insurance Companies