Ransomware attack cripples SME

Background

The ransomware attack resulted in the encryption of all of the victim’s data. Fortunately, the majority of the data was saved, as the policyholder had a viable backup on D-3.
However, the attack led to a forced interruption of the SME’s activity, while the information system was being restored. Hence the need for immediate action to limit the losses incurred.

How Stelliant proceeded

Intervening within the framework of a damage insurance contract offering coverage against cyber risks, the expert seconded by the Stelliant group asked the company’s IT service provider to obtain a copy of the encrypted files, which were essential to materialise the attack.

The analysis of these elements confirmed the compromise of the information system, but also identified the methods used by the attacker. The specialist expert from the Stelliant group was able to make various recommendations. Starting with measures to strengthen the security of the system: installation of new hardware, data security, etc. in order to prevent the occurrence of new incidents in the future. The company was also encouraged to declare compromised personal data to the CNIL, whether it concerns its customers or employees.

At the same time, a financial expert from the Group analysed the insured’s claim items.

• On the one hand, the costs incurred in responding to the incident: IT service providers, acquisition of specific equipment, time spent by employees managing the crisis, etc.
• On the other hand, the operating losses linked to the ransomware attack.

With several hundred cybersecurity incidents handled each year, the Stelliant group relies on a substantial network, both on the technical and insurance sides: cybersecurity service providers, data recovery companies, specialist law firms, etc.

Aware that managing a cyber attack is a real race against time, the Stelliant group provides policyholders with a hotline available 24 hours a day, 7 days a week and entirely dedicated to incident response.