Having technical details on how their AD was infected and what they did to clean up would be useful for everyone. Much more than financial data, unless El Reg wants to become the new WSJ?
Sopra Steria: Adding up outages and ransomware cleanup, Ryuk attack will cost us up to €50m
Sopra Steria has said a previously announced Ryuk ransomware infection will not only cost it "between €40m and €50m" but will also deepen expected financial losses by several percentage points. The admission comes weeks after the French-headquartered IT outsourcing firm's Active Directory infrastructure was compromised by …
COMMENTS
-
Thursday 26th November 2020 09:10 GMT Mike 137
30M insurance, 50M cost
Once again, I see the same pattern emerging. Risk assessments that over-estimate likelihoods but under-estimate consequences. The most important failing is usually failure to aggregate all the consequential costs, as these can appear at several stages past the event (clean up, down time, restoration, liability defence costs &c.).
An organisation I consulted with a while back had a minor malware infection that they were slow to control the spread of. It did no actual damage other than a bit of day to day business disruption - all that was needed was some restores from backups. However the process of identifying, controlling and recovering from it took about four weeks and tied up the entire senior IT team - total cost in the region of $2M.
-
Thursday 26th November 2020 09:25 GMT 0laf
Having an insurance policy isn't the same as insurance paying out in the event you make a claim.
Ransomware taking out a large business smacks of a company paying lip service to the risk, not preparing for a known attack and probably not training staff to not click on phishing emails. Admittedly this may have been a targeted attack with well crafted emails but the characteristics of ransomware are well known, not new and mitigations can be put in place.
I would suspect the insurers will be investigating many ways to get out of paying.
If you have house insurance they won't pay out for a burglary if you don't lock your doors. I don't imagine cyber insurance will pay out if you haven't carried out best practice. TBH I don't know anyone that does, not really.
-
Thursday 26th November 2020 12:17 GMT Snorlax
Having an insurance policy isn't the same as insurance paying out in the event you make a claim.
This. Anybody who’s ever made a car or home insurance claim knows what slippery, devious f***ers insurance companies are.
If data is exfiltrated and published by the attacker (e.g. Maze), you can start thinking about how big your GDPR fine might be...
-
Thursday 26th November 2020 14:01 GMT MJB7
Training
"training staff to not click on phishing emails" - I don't doubt the insurance company will try and avoid paying out because of the lack of training, but we know that (to a first approximation) such training doesn't work. Training staff not to use email from privileged accounts is much more likely to be useful.
-
Thursday 26th November 2020 14:30 GMT 0laf
Re: Training
If training is a mitigation against the fines it's worth doing, considering how large the fines for GDPR are (at least the point of issue). It may only be marginally effective against the attack but even a small number of avoided minor incidents can easily make the training economically worthwhile, especially if it is effective in stopping staff clicking on shit at home then taking days off to fix their mess.
The ICO expects DP training to be given to 95% of staff annually. Right down to your cleaning staff who may encounter personal information when clearing desks etc.
-
Thursday 26th November 2020 17:34 GMT Velv
Underinsured
Insurance companies often have tricky wording to limit pay outs where the policy holder is underinsured.
Sopra may be insured for £30m (i.e. that is the maximum they expect the insurance to pay out in the event of a loss), but they claim their losses are £50m. Taking the insurance company's words, they underinsured at 3/5ths, so they will only pay out 3/5ths of the insured value, £18m.
-
Sunday 29th November 2020 05:34 GMT pc-fluesterer.info
Linux is immune (was: Re: lesson learned?)
"Ransomware attacks exist on Linux as well as Windows" - WRONG.
Please give us one example - only one, pleeeease! - of an attack vector similar to those in the M$ biotope. A malware attack similar to those under Windows is IMPOSSIBLE against a Linux (or xBSD) desktop and network. You always need a malicious insider (such as an 'evil maid') and/or a severe blunder by system management.
Web servers are even more endangered. Why do the majority of web servers worldwide run on Linux or xBSD? All successful attacks against Linux/xBSD web servers I know of were based on administrator errors (weak passwords and the like) and/or security holes in application SW (CMS, shop, database, ...). Which again is an administrative or system management error: available patches not applied. NEVER was a weakness in the underlying OS Linux or xBSD part of the attack vector - in all cases I know of. Do you know better?
To make that clear: I am talking about the usual mass attacks. If you are the target of a governmental "service" - they find their way sooner or later, so good luck! :-)
-