Ransomware cyber-attack interrupts the activity of an SME

THE CONTEXT

On arriving at its premises, the policyholder discovered that none of the data in its information system, on user computers and servers, was accessible.

After a diagnosis conducted by its usual service provider, it was determined that it had been the victim of a ransomware attack.

Since the policyholder had a viable three-day backup, only part of the data could not be restored.

Therefore, thanks to its backup system, the interruption of the business’ activity was limited to the time taken to clean up the information system.

GM CONSULTANT INTERVENTION

We intervened in this case in the framework of an insurance policy providing specific coverage against cyber risks.

At the time of our intervention the policyholder was no longer in possession of the technical elements required to establish the attack made against it and identify the malware involved.

The GM Consultant loss adjuster, an IT specialist, therefore requested a copy of examples of encrypted files on a USB stick from the IT service provider.

The analysis of these items made it possible to identify the virus that had compromised the policyholder’s information system and to obtain the technical elements required to confirm the compromise of the information system.

In parallel, GM Consultant also analysed the items of the policyholder’s claim – IT service provider costs and time spent by employees managing the crisis – and was thus able to submit an opinion on the damage sustained in connection with the application of guarantees.