City ups cyber cover after ransomware attack

City ups cyber cover after ransomware attack | Insurance Business

City ups cyber cover after ransomware attack

The city of Baltimore is set to renew its cybersecurity insurance worth $20 million – more than a year after it suffered a debilitating ransomware attack.

The $20 million insurance coverage is split between Chubb Insurance and AXA XL, and once renewed it will run from November 01, 2020 to November 21, 2021.

According to the city’s Board of Estimates agenda, the cost of renewing the insurance will be $949,172 – Chubb’s premium would be about $569,000, with AXA XL’s around $380,000.

The agenda revealed that 10 insurance carriers submitted bids for the renewal of the cyber policies, but Baltimore ultimately went with the same insurers it chose last year.

Baltimore Business Journal reported that the cost to renew Baltimore’s cyber insurance represents an increase of approximately $115,000 in premiums.

The city sustained a debilitating ransomware attack last year, which later prompted officials to create a cybersecurity-focused council committee.

Read more: Baltimore government’s computers held hostage by hackers

“We all remember the devastating impact the ransomware attacks had on our city and it’s our responsibility to ensure nothing like that ever happens again,” said Baltimore council president Brandon Scott, who also spearheaded the establishment of the cybersecurity council committee.

The ransomware incident occurred on May 07, 2019. Malicious actors managed to infect about 10,000 of the city’s computers with the malware RobbinHood. The city’s Department of Public Works, the Department of Transportation, and the Baltimore Police Department were all affected by the ransomware. In addition, the Baltimore Health Department was also impacted, preventing epidemiologists from warning local patients of overdose risks with certain drugs.

The attackers demanded city officials pay a ransom of 13 bitcoins in exchange for the release of the encrypted systems within 10 days, but warned that for each day their demands were not met, the ransom price would increase. If the ransom was not paid within 10 days, the hackers threatened to leave the encrypted systems locked for good.

Baltimore ultimately declined the ransom, and lost $18 million to direct costs and revenue shortfalls following the attack. The city also lost all data that it had not backed up prior to the malware infection.