An employee for a builders merchants retailer received a legitimate-looking email whereby the sender stated that they were looking for employment and attached their resume for the company’s perusal. Although the business was not actively recruiting, the employee’s curiosity got the better of them and they clicked on the email attachment which was in fact malicious and designed to spread ransomware across the recipient’s entire network.
The ransomware installed encrypted all the business’s files and staff were unable to access any of their key systems, including their till system and the company website. The attacker was demanding a payment of £10,000 to be paid in Bitcoin within 48 hours in exchange for the decryption code, if not the data would be destroyed. The policyholder immediately notified our partner’s cyber insurance incident response team straight away, who arranged the payment of the ransom and decrypted the affected servers within 2 days.
During this time, no customers were able to access the website and in-store, the till system was down meaning no card payments could be made. Staff had to complete all tasks manually, they could only take cash payments and all payment records were written down. Any telephone calls that came through had to be noted on paper and employees had to reassure callers that they would return the call once the business’s technical issues had been resolved. Once the systems were up and running, the policyholder had to pay overtime costs for employees to re-enter all manual information to the systems and return customer calls, which totalled thousands of pounds.
All costs associated in dealing with the response to the cyber breach were covered by the business’s cyber insurance policy, including a business interruption claim of £12,000 as a result of the website downtime and no online sales. If the builders merchants did not have cyber cover, the business would have been liable for these costs and responding to the breach would have taken much longer without the help of cyber experts. On average, it will take a business 4-6 weeks to respond to a cyber incident like this, however our cyber partner’s incident response team will usually have a business up and running just 3-4 days after an incident is first notified.
To learn more about our Cyber Insurance offering, please click here.