This article is more than 1 year old
Consumer ransomware insurance? You could be painting a target on us all for avaricious crims
D'ya hear that, cybercrooks? $50k up for grabs.
Fire, theft, flood – and now cyber attack. Customers of a Californian biz offering payouts of up to $50,000 in case your cat videos get Wannacry’d but experts worry it could make the problem worse.
Los Angeles-based firm Mercury Insurance reportedly began offering “cyber protection coverage” to its retail customers in the USA earlier this month.
“Homeowners and renters have enjoyed the added convenience provided by computers, tablets and smartphones, but these devices create new opportunities for cybercriminals to infiltrate your home,” the firm’s Jane Li informed the Orange County Register (no relation to Vulture Central).
Thus, should your stock of cat videos and unpublishable memes become subject to a ransomware attack, you can make a claim for the cost of the ransom. On top of that, you can also get hold of “professional assistance from cyber extortion experts”, which we hope isn’t like the sort of “help” coming from Red Mosquito that we covered previously. With an excess of $500 on an annual premium of just $30, and cover within and without the home, it seems like a reasonably good deal on the face of it.
“An example of a cyber-attack claim is if you receive a ransom demand on a computer after noticing your files are locked,” Li told the OCR. “The demand states that you need to pay $2,000. Mercury will review the claim and if credible, cover the insured’s loss.”
But what about unintended consequences
Brett Callow of antivirus biz Emsisoft opined that while “ransomware attacks against home users have been in steady decline” because businesses are more lucrative targets, “if policies such as this become popular, it could change that dynamic.”
“In the past, threats actors would’ve had a near-zero chance of getting a $50k ransom from a home user to unlock their collection of cat memes, but an insured victim could be willing and able to pay,” warned Callow. “And, of course, home users likely make for softer targets than businesses, making them an even more attractive target.”
Jason Nurse, a cybersecurity boffin from the University of Kent, was skeptical about whether the product would trigger increased attention and large payouts by insurers.
Massachusetts city tells ransomware scumbags to RYUK off, our IT staff will handle this easilyREAD MORE
“£50k is quite substantial for an average consumer ransomware attack, and would almost certainly – depending on the wealth of the individual – result in no payment,” he told us.
“Cybercriminals that target consumers via ransomware are more interested in making ‘some’ money from large amounts of people rather than hoping that they will make £50k from a single person/home. This may well change in the future – say in 5-10 years – when entire homes/cars are connected (the smart home/city dream) and a ransomware attack locking down an entire home becomes much more impactful.”
While cynical minds might think that offering a clearly defined $50,000 limit on payouts might trigger ransomware crooks into upping their ransom demands to, say, $50,000 a pop, and encourage them to target ordinary consumers instead of businesses, for now we might get lucky.
For now. ®