Home / Daily / Cyber crooks ‘demanded ransom’ from ProRisk
21 June 2019
Cyber attackers who crippled systems at Insurance House Group demanded a ransom to restore operations, it has emerged.
As previously reported by insuranceNEWS.com.au, the June 9 attack affected all Insurance House operations including the brokerage and authorised representative network, but underwriting agency ProRisk was worst affected.
ProRisk Executive Director Hamish McDonald Nye says all systems across the group are now back online, and he has paid tribute to the “wonderful support” of brokers, clients and the wider market.
He says experts advised “not to engage” with those behind the extortion attempt, so the ransom was not paid.
“I can confirm the malware was a ransomware virus,” he told insuranceNEWS.com.au.
“It entered a user’s device via a phishing email, and its purpose was to encrypt files and extort money. ProRisk was not specifically targeted, which is a significant relief.
“It was not designed to extract data, so there has been no privacy breach, but it did systematically infect our network and devices.”
Mr McDonald Nye says a decision was taken not to engage with the attackers because nobody knew who they were.
Even if the ransom was paid, there was no guarantee systems would be restored, or that no further extortion would be attempted.
“It could have been anyone from a kid in their garage to the Russian mafia,” he said.
“It is very tempting [to pay], but we took the hard decision to shut down and isolate our network and clean everything up.”
He says others without ProRisk’s level of recovery planning and back-up might pay the ransom.
“The amount they were seeking is unknown, but ransomware payments vary depending on the nature and size of the business,” he said. “The way malware can be distributed at incredibly low cost and anonymously is terrifying for businesses.
“It is very hard to police, but this is the reality for individuals and businesses. We have to take every precaution, and then some.”
Mr McDonald Nye is unable to confirm the cost of the incident, or details of any insurance coverage in place.
“The cost of managing this is not insignificant. Our true assets are our staff and substantial hours were lost.
“But through this, myself and the senior management team have identified ways to do things better, and I’ve been so surprised by how pragmatic people are when faced with a crisis.
“There was no panic and we had regular meetings. No matter how busy you are as a leader, you have to communicate, to keep staff and the market in the loop.”