Your money or your data! A Discussion of Ransomware

Your client, ABC Corp. is going about their business and then they get this message:

socius - moneyordatea

The above is a typical ransomware message according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software, that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for 2 reasons:

  1. Cyber criminals are become increasingly more organized and well-funded.
  2. A novice hacker can easily purchase ransomware on the black market

According to the FBI, this type of cyber crime is increasingly targeting companies, government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive proceeds to  open up  the file, sees nothing, and continues with his work day. However, once the file has been opened, the malware has been executed and Pandora has been unleashed from the box! Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom” demand on the company for a certain dollar amount. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the internet to trade for goods or services worldwide. One bitcoin is worth about $298. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 – $5,000 dollars). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock their system.

Socius Monthly Article_Your Money Your Data

The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that if critical data is held hostage they have a way to access most/part of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as the upgrades are available.

Finally, in the event you are a victim of a ransom attack, you would need to evaluate whether or not that compromise of your data/system also constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, in the event the data was not encrypted, or that you cannot prove to the authorities/regulators that it was, notification to clients or individuals is likely necessary.


Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. In order to protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well tailored cyber policy which contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as fund the ransom amount in the event a payment is made.

Please feel free to contact your Socius producer if you would like to discuss cyber extortion coverage.

This article was authored by Kevin Kershisnik, Laura Zaroski, and Cynthia Zimmerman of Socius Insurance Services. 

About Socius Insurance Services, Inc.
Socius Insurance Services, Inc. is a property/casualty and management liability wholesale broker based in San Francisco, with regional offices in Los Angeles, CA; Elgin, IL; Birmingham, AL; and Tampa and Miami, FL. Socius specializes in D&O, E&O, EPL, property & casualty and umbrella coverages. Founded in 1997, the company currently has approximately 50 employees, and is privately held.

Meet our new Claims Consultants

Socius_Complex Claims_V4

Enlarge the image to meet our Socius Claim and Coverage Assistance Team!

To better service our clients, we have expanded and updated our Claim Reporting Process and Claim Consulting Services. 

As you know, Socius always strives to provide you with the best service in processing your clients’ claims and answering any claim and coverage questions.

In the past, our optional claims reporting service was handled by our claims liaison, Rob DeGroat. In an effort to provide more efficient service to you, we are moving the claims reporting service back to your broker service team. Please process claims going forward as follows:

  • If you want Socius to process claims, submit them to the Socius broker team members with whom you bound the policy.  By transferring this role back to the team, we feel that we’ll be able to provide you with more timely service since you’ll be dealing with the people who know you and your clients.
  • As before, you and your clients can also report claims directly to the carrier if you prefer.


Whenever difficult claims or complex coverage scenarios arise, Socius has dedicated consultants who stand ready to assist you with:

  • analyzing and interpreting a reservation of rights letter or denial of coverage that has been issued by a carrier
  • resolving problematic claim issues to the greatest extent possible and in the most efficient manner
  • answering complex coverage questions