CASE STUDY
Pet supply manufacturer faces double ransom by separate threat actors and receives no decryption keys
Industry
Manufacturing
Background
Employees: 21-250
Coverages: Breach Response, Business Interruption, Cyber Extortion, Digital Asset Restoration
1. The claim scenarios described here are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.
2. The response included engagement of an incident response firm; the insured selected Coalition Incident Response.
When a pet supply manufacturer had its systems encrypted and was unable to correctly ship and fulfill orders, they contacted their third-party IT vendor to help. For four days, the IT vendor and the manufacturer tried to regain access to the network and debated using a decryption company to unlock the manufacturer’s systems. That’s when they finally called Coalition¹.
Immediately, our Claims team put a hold on moving forward with the decryption company, fearing it was another way for ransomware actors to take advantage of victims. While our Claims team ultimately couldn’t confirm the decryption company was ransomware actors, they advised the manufacturer not to use the service. Coalition Incident Response (CIR)² began their investigation and discovered the manufacturer was double encrypted by two separate ransomware groups—one they identified as Moonshadow. The other was likely a threat actor using Ransomware-as-a-Service.
Our Claims team suggested the manufacturer work from backups to restore its systems and get back up and running. However, the manufacturer preferred paying the ransom demands to resume business operations faster. Since they had Cyber Extortion coverage, the policyholder was able to recover $122,000. Unfortunately, the ransomware actors didn’t provide decryption keys. At this point, Claims hired a firm to help the manufacturer restore from backups under their Digital Asset Restoration coverage. As a result, they regained access to their systems nearly three weeks after the initial attack.
All in all, the manufacturer’s $4,504 policy premium saved them $127,907.26 in ransomware payments and fees, $45,000 in breach response, $35,000 in restoration, and we’re currently resolving their business interruption costs, which amounted to $133,000.
Coalition¹ brings together active monitoring, incident response, and comprehensive insurance to solve cyber risk. To learn more, visit coalitioninc.com.
Ready to learn more?
Blog
Our brokers and policyholders get access to all of the intel we have on how to prevent, remedy, and recover from breaches of all kinds.
Newsroom
We’re bringing a new approach to managing digital risk, and the world has noticed. Here’s what people are saying about Coalition.
Careers
We’re a team of experts, backed by powerful partners, developing a safer world.
Insurance products offered by Coalition may be written on behalf of third-party carriers including Allianz Group* (A.M. Best A+ rating), Arch Specialty Insurance Company (A.M. Best A+ rating), Ascot Group** (A.M Best A rating), Fortegra Group (A.M. Best A- rating), Lloyd’s of London (A.M. Best A+ rating), Swiss Re Corporate Solutions*** legal entities (A.M. Best A+ rating), Vantage Risk Specialty Insurance Company (A.M. Best A- rating), and Chaucer Insurance Company DAC (A.M. Best A rating).
