Case Study: Supporting Insured through Ransomware Response and Recovery
With businesses relying more on digital infrastructure, cyber threats are becoming increasingly common, with malicious actors targeting sensitive data and systems. The fallout from these breaches can be devastating, from financial losses to reputational damage. A swift response is key to minimising impact and restoring operations.
Client Background
An employee at our Insured’s architectural firm attempted to log into their work account and was met with a ransomware demand of US$200,000, indicating that the firm's systems had been compromised by a threat actor.
Investigations revealed that several servers had been encrypted and rendered inaccessible, including administrative and financial data, as well as design information related to ongoing and prospective projects.
MSIG’s Response
Early in the incident, MSIG appointed an Incident Response Manager to ensure swift containment of the incident. Our cyber policy provided coverage for extortion loss, which enabled the Insured to engage a specialist cyber security firm, highly experienced in threat intelligence and negotiation. Based on the expert assessment and after exhausting all avenues to recover the impacted systems, MSIG endorsed the Insured’s decision to proceed with ransom negotiations as the last resort.
Results and Outcome
- MSIG's policy coverage and cyber specialist network enabled swift incident containment and recovery activiation.
- As further investigation revealed that the impacted network was beyond recovery, the cyber security firm engaged the threat actor as a last resort.
- The cyber security firm with its expert negotiators successfully reduced the ransom demand to about US$77,000.
- The payment was made in Bitcoin via a reputable and trust-worthy third-party broker.
- Following the cyber incident, our Insured implemented a series of proactive security enhancements on the advice of and in collaboration with the cyber security vendor. These measures include efforts to uplift cyber hygiene such as firewall enhancement, files backup strategy to security patch management and helped strengthen the company’s cyber security posture and reduced future risk exposure.
- The swift response reduced our Insured's overall exposure from the initial US$200,000 ransom demand - indemnified by the policy - while preventive measures continue.
- All legal and regulatory matters were resolved, and there were no penalties or restrictions actions imposed on the insured.
Why this Matters
This case highlights the real-world value of MSIG’s cyber insurance coverage. In a time-sensitive and high-stakes situation, MSIG’s proactive support helped our Insured navigate a complex ransomware attack with confidence and clarity.