Buying cyberinsurance in case of a ransomware attack is a common action for organizations. But will the very fact you’ve taken that step make you more vulnerable to attack?
That may have been the case with Wootton Upper School in Bedfordshire, England. The Hive Ransomware Group has successfully hacked the school and threatened to exfiltrate private student data unless it forked over a £500,000 ransom.
It appears that the amount wasn’t chosen at random. According to a news report, the ransom group wrote a note to affected students and parents that said, in part, “We are very well informed and precise in our operations, so we know that Wootton have cyber insurance that reaches £500k.”
Whether or not Wootton will pay, or has paid, the ransom was not known as of the time of this writing. But the fact that the Hive specifically mentioned a cyberinsurance policy is a point that organizations should consider.
Allan Liska, a ransomware expert for Recorded Future and columnist for Ransomware.org, was quoted in an article explaining that this may signal a new wrinkle in ransomware criminals’ tactics:
“A £500,000 cyber insurance policy does not mean that an insurance company will pay it,” he said. “This is part of the expanded extortion ecosystem we see ransomware groups increasingly rely on – not just using information from the cyber insurance policy, but you can see the group has reached out to parents directly threatening to release their children’s sensitive information if the school doesn’t pay.”
In a video for Ransomware.org, Liska detailed some reasons that organizations may want cyberinsurance. Watch the whole interview here.