Published on: 17 May 2017 by Michael Lamb
Categories: Hong Kong, Insurance
On Friday May 12th 2017 a global ransomware attack hit more than 230,000 computers and servers in over 99 countries, according to Wired Magazine. An event that was once almost exclusively in the domain of sci-fi and speculative fiction, including such titles as Neal Stephenson’s Reamde, has had a profound real-world impact on Government institutions and businesses across the globe.
The Trojan.Ransom.WannaCrypt Worm targeted Microsoft Windows operating systems by encrypting files on the system and demanding a bitcoin payment to release the computer back to the user. The attack was spread via Phishing Emails and vulnerabilities in unpatched (and outdated) Windows Operating systems including Windows XP.
Windows XP has been unsupported by Microsoft since April 8 2014, having launched in August 2001, and the breach by the WannaCrypt Worm was so severe that Microsoft actually released an emergency patch for XP systems – systems which have been out of date for almost 16 years at this point.
While many countries worldwide have felt some relief from the worm due to the unintentional fast actions of a cyber security expert in triggering a built-in kill-switch, reports from China as of May 15th 2017 indicate that the worm is still active on the mainland and has had extreme consequences on a digital ecosystem which has been largely built on unpatched and bootlegged operating software.
The global impact of the WannaCrypt Worm comes only days after CCW Global published an article highlighting the danger of ransomware events, following the revelation by the Hong Kong Government that the Hong Kong-Macau-Zhuhai Bridge project had been the victim of its own ransomware incident in March 2017.
As we previously noted when discussing the Hong Kong-Macau-Zhuhai Bridge project ransomware event, Hong Kong has three critical absences when it comes to preventing and managing cyber-events like the WannaCrypt worm:
1) a lack of regulation concerning Cybersecurity infrastructure outside of certain industries
2) a shortage of technical knowhow and manpower in relation to protecting against emerging Cyberattacks
3) a lack of awareness when it comes to preparing for a successful cyber-attack.
With Hong Kong insurers reporting less than 2% of local businesses holding some form of Cyber Insurance protection, the exposure of local companies to the increasing sophistication of cyber-attackers is worrying.
According to an article published in the South China Morning Post on May 15th “Hong Kong… companies had been attacked 48 times on average from seven countries since Friday” and “WannaCrypt’s impact on the city was severe, although the Hong Kong Computer Emergency Response Team (HKCERT) said it had received reports from only three individuals and the government said there were no internal security breaches.”
However, it is important to note that the Hong Kong Government’s disclosure record in relation to ransomware events has been less than stellar – with the Highways Department only notifying the public about the Bridge Project hack 2 months after the event occurred.
Of high concern to the Hong Kong business community is the fact that Logistics companies seem to be bearing the brunt of local exposure to WannaCrypt, with one Logistics firm suffering an estimated 1,285 attacks from over 45 different countries. With Hong Kong being an Asian logistics hub, any impairment of the ability of logistics businesses to continue operations would have a severe impact on the entire local economy – potentially affecting food imports, container traffic, and manufacturing exports worldwide.
Proving that the impact of WannaCrypt is not easily dismissed is the extensive impact the worm had on the United Kingdom’s NHS. UK Public Hospital operations ground to a halt in the hours following the worm’s deployment with services being severely reduced, in part because of the reliance on legacy operating systems including Windows XP.
While the UK government has invested heavily in cybersecurity protection, existing vulnerabilities in IT infrastructure (including bugs which have been known to be targets of attacks by NSA tools) meant that the impact of the worm was extensive and crippling. Had it not been for the quick response of MalwareTech in finding the kill-switch on the worm, the resulting lockdown of global computing systems would have been far more widespread.
Even with the kill-switch identified, MNCs and governmental organizations around the world still fell victim to the worm including such institutions as:
At present, over 30 globally recognized brands have suffered from some form of ransom with the WannaCrypt attack, and details of the impact on smaller SME organizations around the world are still emerging. Given that these global businesses remain vulnerable despite their technical sophistication and knowhow, it is naive to assume that a business is comprehensively protected against cyber-attacks even if it takes the most stringent measures to implement sophisticated front and back-end security. Legacy computing systems, user error, and simple social engineering are all avenues for digital disruption even with the most sophisticated security in place.
Crisis management is critical in the wake of a cyber attack – especially when dealing with ransomware. Should the ransom be paid? Who will make the payment? Is the system recoverable by other means without paying the ransom?
While many of the MNCs impacted by the WannaCrypt attack will have had dedicated security and operational teams looking into how to best manage the worm’s effect on their business, most SMEs and companies in Hong Kong will not have the manpower to implement comprehensive management protocols in the event of an IT lockout; especially if those same businesses are attempting to continue day-to-day operations without suffering a massive financial loss.
The proof of this can be seen in the operations of PetroChina, a massive State Owned Enterprise with wide-reaching IT support, which has suffered critical failures with regards to payment processing, leaving customers across China unable to pay for petrol in anything other than cash. Credit cards, AliPay facilities, and other electronic transactions have effectively ground to a halt – leading to an enormous supply chain headache across the country, and significant financial losses for PetroChina itself.
Cyber Insurance is specifically designed to handle the aftermath of situations like the WannaCrypt Worm. By offering top down management and liability protection, businesses are able to ensure continuity of services whilst dealing with a ransomware or hack event and worry about weathering the impact of the event rather than if they will actually be able to survive it!
Having a fallback in place, just as the company would were it dealing with an Employees’ Compensation or Professional Indemnity claim, is invaluable in navigating a cyber crisis of this magnitude, and the experience of full-time cyber claims handlers in assisting an organization’s recovery will help with the successful resolution of the attack. Whether this resolution requires legal counsel, the assistance of external Public Relations firms, the payment and management of ransoms, or the restoration of critical IT infrastructure, a Cyber Insurance policy is specifically designed to provide valuable support in exactly this type of crisis.
Because of this, it is extremely worrying that so few Asian businesses have considered the implementation of Cyber Insurance as part of their operational due-diligence. The proof that an event of this magnitude can happen to any business is seen in the list of companies hit by WannaCrypt, so failure to implement effective risk-management structures will be seen as an institutional failure on the part of shareholders as attacks of this type become increasingly common.
Cyber Insurance is not a single solution or a complete guarantee that companies will not be impacted by Cyber Attacks like WannaCrypt, but it is and should be part of a complete risk management solution undertaken by businesses in the modern world; especially as we wait and see what the fallout from this latest event will be.