On Friday, May 12, 2017, a massive ransomware attack swept across
the globe. As of the date of this post, the attack reportedly had
infected more than 100,000 organizations in 150 countries. The
attack continues to propagate in different and more malicious forms,
and it is likely some of our clients have been impacted.
This malware, called “WannaCry,” locks out users and threatens to
destroy data unless the victim pays a ransom to decrypt the data.
The initial ransom demand was $300, to be paid in Bitcoin, and it
is reported that the demand is increasing. It is unclear whether
the ransom payment will buy the freedom of a single computer or an
entire network. If the former, the attack may prove very expensive
if companies agree to pay the ransom.
Impacted companies should immediately review their cyber insurance
policy if they have purchased one. Many cyber policies offer ransom
or extortion coverage, which includes the cost of the ransom
payment. Cyber policies also typically provide coverage for the
cost of investigating and responding to a ransomware attack and for
lost business income arising from the attack.
Timing is very important. Most cyber insurance policies provide
coverage only for costs incurred after the insured notifies the
insurance company. Therefore, the costs that businesses are
incurring this weekend to respond to the WannaCry attack, including
ransom payments, will not be covered unless the business provides
notice to the insurance company prior to incurring the payment.
Some policies also require that the policyholder inform the
applicable law enforcement agency and obtain the insurer’s consent
before making any ransom payment. Therefore, despite the urge to
move swiftly in response to this crisis, we recommend policyholders
understand and comply with the notice provisions of their policies
to ensure they preserve their right to insurance coverage.
In addition to these insurance considerations, there are a number
of critical decision points facing affected companies right now,
including whether to pay the ransom, how to comprehensively assess
and remediate any damage done, which other parties to include in
this process, and what actions may need to be taken to comply with
applicable law. Actions that companies take today may have lasting
consequences long into the future.
Please contact us if we can assist in responding to these malware