Consumer ransomware insurance? You could be painting a target on us all for avaricious crims Fire, theft, flood – and now cyber attack. Customers of a Californian biz offering payouts of up to $50,000 in case your cat videos get Wannacry’d but experts worry it could make the problem worse. Los Angeles-based firm Mercury Insurance reportedly began offering “cyber protection coverage” to its retail customers in the USA …
I wonder how many people will actually pay them for it when backup software / media is going to be much cheaper. A blue-ray burner, a 50-pack of disks, and some software is going to set you back, maybe, $200. External Blu-ray burners can be had for around $100 and 100-pack spindles of 25 GB discs are another $75.
I keep a physical copy of my OS and the backup software nearby, so if I have to, I can restore my system in an afternoon, especially with how much stuff is up in the cloud. I also keep a copy in my safe deposit box, so even if my house burned down, I'd be back up and running in no time (And that is assuming I wasn't able to grab my laptop before evacuating)
Because then more people will pay the ransom. What we should do is pass a law making it illegal for individuals, businesses or state/local governments in the US (and similar laws in the UK etc.) to pay ransom to hackers. It would be painful for a few initially if they don't do backups, but once hackers knew they'd not get paid they'd target elsewhere.
They've been mostly targeting city/county governments in the US, because they are small enough not to have decent on-site expertise but have the means to pay thousands or tens of thousands of dollars. Even if they have good backups it probably saves them money to just pay the ransom. Not a bad haul for a script kiddie using canned ransomware software and exploiting a security issue that should have been patched a few years ago.
Easy, the insurance is not allowed to be spent on the ransom, it must be spent on professional hitmen targetting the perpetrators. Should extinguish the problem in short order, with the added benefit that the perps get to feel some of the anguish of their victims. Joke icon because there are apparently laws against advocating effective solutions.
Exactly my thought when I now saw this kind of insurance advertised on billboards around Melbourne.
Not being in the charity business, insurance companies will surely have this calculated on how it makes them money. I dare say the exemptions and exclusions as to what measures you're expected to take to demonstrate "due diligance" before they pay out would make a mainframe (*) specialist blanch.
(*) semi-randomly picking an area generally considered to follow very high standards for security, resilience, availability, etc etc etc.
I think you're exactly right. I thought one of the 'due diligence' clauses might be that the client must take regular backups - that way the insurance company can just tell their customer to restore their backup and they will pay the $500 costs the customer incurs doing that (minus the $500 deductible/excess). If the customer hasn't got a recent backup then the claim is rejected.
Might not be such a terrible thing - the insurance company gets paid and the customer is highly motivated to take regular backups.
One enterprising individual working for siad insurance firm, a list of logged ip addresses that are protected and a few dollars online for some ransomware.
$25k each to an individual bitcoin address, that is then bounced around the blockchain, converted to cash via a numbered account, and pingged around the world a few times before disapearing to several mules at cash machines in several countries and slowly re-colleted in larger amounts via various intermediaries and piling up under a mattress
if the policy take-up gets big, your looking at easilly millions, and enought to dissapear to the non-extradition country of your choice for the rest of your life.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
