Canadian insurance firm pays off hackers to remove ransomware

Canadian insurance firm pays off hackers to remove ransomware | Insurance Business

Canadian insurance firm pays off hackers to remove ransomware

An undisclosed insurance company in Canada suffered a ransomware attack sometime last fall, forcing the firm to pay off the hackers responsible for the malware.

While the cyberattack – which affected 1,000 computers – occurred last October, news of the incident made the headlines just recently after court documents filed in Britain by the insurance company’s UK-based reinsurer were published two weeks ago.

According to a December 13, 2019 ruling from the High Court in London, “a hacker managed to infiltrate and bypass the firewall of [the Canadian company] and installed malware called BitPaymer.” The attack became apparent to the insurer on October 10, 2019, when the firm noticed that its computers were locking up and displaying a ransom note, which demanded US$1.2 million for the release of the disabled systems.

The affected Canadian insurance company was referred to only as “the insured customer” in the ruling. The UK-based reinsurer was also left unnamed, since it asked the court for anonymity.

The cybercriminals also threatened to encrypt the files permanently if the Canadian insurer ever disclosed the incident to the public. In the end, the insurance firm’s UK-based reinsurer paid the hackers a US$950,000 ransom after managing to negotiate the price down.

After payment of the ransom, the Canadian insurer was given a digital decryption tool which took time to use, but fixed the affected systems.

“The information before me is that it took decryption of 20 servers of the insured customer five days and 10 business days for 1,000 desktop computers,” the High Court ruling read.

The UK-based reinsurer later filed the case in London High Court in an attempt to get the money back from the criminals responsible.

Read more: Manitoba insurance brokerage falls victim to ransomware attack

CBC News reported that – while very similar – this incident has no relation to a ransomware attack that occurred with the Manitoba-based insurance brokerage Andrew Agencies in December. The news outlet also attempted to get a statement from the Office of the Privacy Commissioner on whether it knew about the October cyberattack, but a spokesperson declined to comment, citing privacy concerns.