Preventable ransomware attack leads to unrecoverable $700,000 loss

A 10 attorney law firm discovered the cost of failing to protect its systems from ransomware the hard way.  An attorney clicked on a phishing e-mail, leading to a ransomware attack.  The firm apparently did not have a recoverable backup and was forced to negotiate with the criminals, who extorted a $25,000 ransom to provide a decryption key.

As a consequence of the extended outage, the firm lost $700,000 in billings.  To add insult to injury, the firm’s cyber liability insurance did not cover loss of business income for ransomware.

The firm is now suing their insurance carrier, but they are unlikely to prevail.  See more details at: http://www.abajournal.com/news/article/victimized_by_ransomware_law_firm_sues_insurer_for_700k_in_lost_billings

According to Patty Juneau of PMJ Insurance Services www.pmjinsurance.com , “Unfortunately this happens all too often. Consumers rely on their business owners policy to provide adequate cyber coverage which it is not designed to do.  Ransomware coverage is readily available on all cyber policies as an add-on and it is NOT expensive. With hackers targeting small to mid-size companies this is a “must buy” coverage.  If proper agent representation was in place and the law firm obtained a comprehensive cyber liability and security policy, the outcome would be very different.”

At Alvaka, we feel you can avoid losses like these in the vast majority of cases through inexpensive yet effective cybersecurity practices.  They include:

  • ​Eliminate Spam in your Inboxes.  Users cannot click on phishing e-mails they don’t receive.
  • Patch your systems and run with Limited Rights. Malware targets vulnerable systems.
  • Test your offsite backups to confirm you can recover them.  You’ll never pay a ransom for files you can recover on your own.
  • Review your cyber liability insurance policy for adequate coverage BEFORE your claim.