Let’s see how the insurance industry deals with this one. The claims process is underway…:
The LockerGoga ransomware attack was a wake-up call for the insurance and reinsurance industry and underlines the complex, emerging, and fast-moving nature of cyber risk, according to Property Claim Services (PCS) Co-Head, Tom Johansmeyer.
LockerGoga is the strain of ransomware behind the recent Norsk Hydro cyber attack, as well as multiple attacks on other industrial and manufacturing targets.
Norwegian aluminium manufacturer Norsk Hydro recently provided an updated loss estimate of NOK 400-450 million (USD$46-52 million) for the cyber attack, up from the previous 300-350 Norwegian crowns (USD $35-41 million).
Unlike more common types of ransomware, which typically encrypt some files on a machine but otherwise leaves it running, LockerGoga seemingly aims to maximise disruption, shutting down computers entirely, locking out their users, and rendering it difficult for victims to even pay the ransom.
At the same time, the fact the industrial sector was hit also makes this attack particularly unusual, and highlights the constantly evolving and ever-complex cyber risk landscape.
“I’ll be the first to admit that LockerGoga was a wake-up call. Impacting the industrial sector in the first quarter of 2019, this ransomware has led to at least one PCS®-designated global cyber event, and we’re watching five other companies for potential affirmative or non-affirmative claims related to the attack.
“Though smaller, in a lot of ways it looks and smells a little like NotPetya – in terms of global insurance industry impact,” said Johansmeyer, speaking with Reinsurance News.
According to Johansmeyer, what makes LockerGoga both alarming and noteworthy, is the fact sector is more important than size. Ultimately, a cyber catastrophe event simply wasn’t expected in the industrial sector.
“In fact, when talking through target-rich sectors with clients, I used to joke that no self-respecting nerd wakes up in the morning and says, ‘I’m going to bring the heavy industrial sector to its knees’.
“Of course, LockerGoga has shown us otherwise. More proof that cyber is new and emerging and fast-moving – all the things the global reinsurance industry has been saying about cyber for the last several years,” said Johansmeyer.
He continued to explain that so far, the insurance impact from LockerGoga has been fairly limited, but PCS Global Cyber has designated the Norsk Hydro affirmative cyber loss.
Previously, Johansmeyer told our sister publication, Artemis that it had started to investigate the ransomeware attack. For a cyber event to qualify for designation under PCS Global Cyber, it must generate a re/insured loss of at least $20 million.