back to article Consumer ransomware insurance? You could be painting a target on us all for avaricious crims

Fire, theft, flood – and now cyber attack. Customers of a Californian biz offering payouts of up to $50,000 in case your cat videos get Wannacry’d but experts worry it could make the problem worse. Los Angeles-based firm Mercury Insurance reportedly began offering “cyber protection coverage” to its retail customers in the USA …

  1. redpawn Silver badge

    I know someone in Russia

    If you want to get in on this, just send me $500 and I will get you in contact with my friend who will split the $50k with you.

  2. Crazy Operations Guy Silver badge

    The real crime is that no one does backups anymore

    I wonder how many people will actually pay them for it when backup software / media is going to be much cheaper. A blue-ray burner, a 50-pack of disks, and some software is going to set you back, maybe, $200. External Blu-ray burners can be had for around $100 and 100-pack spindles of 25 GB discs are another $75.

    I keep a physical copy of my OS and the backup software nearby, so if I have to, I can restore my system in an afternoon, especially with how much stuff is up in the cloud. I also keep a copy in my safe deposit box, so even if my house burned down, I'd be back up and running in no time (And that is assuming I wasn't able to grab my laptop before evacuating)

    1. c1ue

      Re: The real crime is that no one does backups anymore

      Some people do backups, but attackers will go after the backups too.

      1. Mayday


        The air gap model of burning to Blu-ray or other external, removable and even write-once media can stop the baddies getting to the backups.

        Very inneficient, pain in the arse to restore and all that but will remain intact whilst everything else is a mess.

        1. BebopWeBop Silver badge

          Re: Backups

          It probably will but if the attackers have been cunning and patient, your significant backups might end up being locked without some rather more expensive remedial action.

        2. Anonymous Coward
          Anonymous Coward

          Re: Backups

          I'm using BackBlaze, for a ridiculously-low fee, to back up my computers. As I have my software configured to back up versions of my files, it should protect against these sorts of attacks. (Running Linux also decreases my chances of getting hit.)

  3. Anonymous Coward
    Anonymous Coward

    We regret to inform you that your insurance claim has been rejected. Clause 1563.6.Z of your policy expressly forbids opening email attachments named Emma_Watson_Wardrobe_Malfunction.pdf, sent to you from an unknown sender.

  4. DougS Silver badge

    Insurance will just make the problem worse!

    Because then more people will pay the ransom. What we should do is pass a law making it illegal for individuals, businesses or state/local governments in the US (and similar laws in the UK etc.) to pay ransom to hackers. It would be painful for a few initially if they don't do backups, but once hackers knew they'd not get paid they'd target elsewhere.

    They've been mostly targeting city/county governments in the US, because they are small enough not to have decent on-site expertise but have the means to pay thousands or tens of thousands of dollars. Even if they have good backups it probably saves them money to just pay the ransom. Not a bad haul for a script kiddie using canned ransomware software and exploiting a security issue that should have been patched a few years ago.

    1. quxinot Silver badge

      Re: Insurance will just make the problem worse!

      I thought you were going to suggest making insurance of all types illegal.

      Got my hopes up and everything.

    2. Marcus Fil

      Re: Insurance will just make the problem worse!

      Easy, the insurance is not allowed to be spent on the ransom, it must be spent on professional hitmen targetting the perpetrators. Should extinguish the problem in short order, with the added benefit that the perps get to feel some of the anguish of their victims. Joke icon because there are apparently laws against advocating effective solutions.

  5. Michael Hoffmann

    Exactly my thought when I now saw this kind of insurance advertised on billboards around Melbourne.

    Not being in the charity business, insurance companies will surely have this calculated on how it makes them money. I dare say the exemptions and exclusions as to what measures you're expected to take to demonstrate "due diligance" before they pay out would make a mainframe (*) specialist blanch.

    (*) semi-randomly picking an area generally considered to follow very high standards for security, resilience, availability, etc etc etc.

    1. Bendacious

      I think you're exactly right. I thought one of the 'due diligence' clauses might be that the client must take regular backups - that way the insurance company can just tell their customer to restore their backup and they will pay the $500 costs the customer incurs doing that (minus the $500 deductible/excess). If the customer hasn't got a recent backup then the claim is rejected.

      Might not be such a terrible thing - the insurance company gets paid and the customer is highly motivated to take regular backups.

      1. katrinab Silver badge

        The problem is if the backups get infected, which is actually very likely to happen.

      2. Carpet Deal 'em Bronze badge

        How often do the demands exceed $500, though? Even without a backup requirement, this sounds like free money for the insurance company.

  6. katrinab Silver badge

    How long

    before someone does a ransomware attack on themselves to collect the $50,000 payout?

    You get $50,000 of bitcoin transferred to an anonymous wallet. Hold it for a while and hope the price doesn’t collapse, then transfer it around to various places and cash out.

    1. Robert Helpmann?? Silver badge

      Re: How long

      ...before someone does a ransomware attack on themselves to collect the $50,000 payout?

      Some of the oldest archaeological evidence of fraud dates back hundreds of years (weighted dice), so my guess is that as soon as the product is available it will be abused, because people.

      1. Anonymous Coward
        Anonymous Coward

        Re: How long

        Heh, try thousands. Hegestratos, 300 BC, committed insurance fraud.

  7. EnviableOne Bronze badge

    All it takes...

    One enterprising individual working for siad insurance firm, a list of logged ip addresses that are protected and a few dollars online for some ransomware.

    $25k each to an individual bitcoin address, that is then bounced around the blockchain, converted to cash via a numbered account, and pingged around the world a few times before disapearing to several mules at cash machines in several countries and slowly re-colleted in larger amounts via various intermediaries and piling up under a mattress

    if the policy take-up gets big, your looking at easilly millions, and enought to dissapear to the non-extradition country of your choice for the rest of your life.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019