Skip to Content

Cyber attacks have no boundaries and are truly a global issue. All too often ransomware can be avoided with the right IT security and risk management procedures.

Ransomware scenario

1. Initial compromise of your environment
  • Microsoft RDP and Remote Desktop Gateway (RDG) can be used to provide remote access to computers and networks.
  • RDP/RDG attacks are an attractive and common way for hackers to access systems and steal valuable information from devices and networks.
  • A criminal group targets your organization with a phishing campaign.
  • Malware is successfully delivered to one of your un-suspecting users via a malicious attachment or web link in an email.
2. Malware is installed
  • The user opens the attachment and malware is unknowingly installed on the user’s PC.
  • Unbeknownst to the user, and your security and IT teams, the attackers now have a foothold in your environment.
  • Using this foothold, the hackers explore your network (still undetected) looking for vulnerable systems and sensitive data. This includes other users’ PCs but also servers supporting critical applications and file stores.
3. Ransomware is deployed
  • The criminal group has achieved the access they need and are ready to spring their trap.
  • They deploy a strain of ransomware which spreads across your network encrypting indiscriminately.
  • The attackers have now encrypted a material portion of your estate and parts of your business are completely disrupted while other parts are partially disrupted.
4. Extortion
  • The attackers demand £x million for the decryption key.
  • The attack also becomes public knowledge which causes reputational damage.
  • The regulator also wants to understand if there has been a mishandling of customer sensitive data – there is a risk of a significant fine.

Beazley's suite of cyber services

Claims expertise
  • Access to a diverse network of expert vendors with vast experience in these types of cyber incidents, including ransom negotiators, crypto-currency facilitators, data recovery specialists and other technical experts
  • Pre-agreed rates with expert vendors to save on any engagement issues a policyholder would otherwise face
  • A dedicated claims manager so that there is a single point of contact for policyholders 
  • Interim payments wherever possible
  • Online cyber business interruption guide