The criminals, from the RagnarLocker gang,
apparently never posted information about the
attack on their dark web leak site, suggesting
that Gallagher paid.
Of the three insurance brokers that ransomware
gangs claimed to have attacked in recent weeks,
posting stolen data on their dark web sites as
evidence, two, in Montreal and Detroit, did not
respond to phone calls and emails. The third,
in southern California, acknowledged being
hobbled for a week.
By the time the Colonial Pipeline and major
meat processor JBS were hit by ransomware
in May, insurers were already passing higher
coverage costs to customers.
Cyber premiums jumped by 29% in January
in the U.S. and Canada from the previous
month, said Gregory Eskins, an analyst at top
commercial insurance broker Marsh McLennan.
In February, the month-to-month jump was
32%, in March it was 39%.
In a bid to turn back ransomware-related losses
— Eskins said they amounted to about 40% of
cyber insurance claims in North America last
year — policy renewals are carrying new, stricter
rules or lowered coverage limits.
“The price has to match the risk,” said Michael
Phillips, chief claims officer at the San Francisco
cyber insurance firm Resilience and a co-chair of
the public-private Ransomware Task Force.
A policy might now specify that reimbursement
for extortion payments can’t exceed one-
third of overall coverage, which typically also
encompasses recovery and lost income and
can include payments to PR firms to mitigate