👎 Uninsured

Listen: if you pay ransoms, you are funding ransomware — is that what you want??

Greetings, juicy readers of even juicier content

Sorry! I had three stonking deadlines this week so it's another short one! But perhaps you prefer that? I can never tell; sometimes it feels like I'm just chucking emails into the void (but that's fine; I love voids; thank you for being the best void a girl could ask for).

This week was something I could have done without 👎. Because:

r a n s o m w a r e...

👩‍💻 Ransomware? More like ransomUNAWARE amirite?

This week, through the dense fog of client work, one story really crystallised on my screen: ransomware is too expensive to insure. And why's that then? Probably because if you're a company in 2021, you are susceptible to ransomware simply by EXISTING.

I wrote about this a few months ago when I discovered a company who help organisations pay their bitcoin ransoms. Companies like this obviously say that they are doing good by helping unfortunate victims get their files back, but really all they're doing is funding more ransomware — and so are insurance companies.

🍺 Choke these facts down with your early evening beer:

  • Insurance companies are either cutting their cybersecurity limits in half from £10m to £5m, or just running away from covering cybersecurity risks altogether
  • $590m in ransoms has been paid in just the first six months of 2021 — the whole of 2020 saw $416m, just FYI
  • Insurance companies are actually telling their policy holders to pay half of the ransoms themselves — big companies happily pay ransoms just to get their business back on track
  • Attackers actually target companies with insurance plans now — because those guarantee a payout.

Right okay, here's what baffles me completely: ransomware attacks are dangerously common (happening every 11 seconds this year apparently?), and the ransoms are in the millions these days. And YET HERE WE ARE: companies would rather pay insurance companies who don't even provide adequate cover, than invest in actual cybersecurity.

Of course, I'm saying 'companies' but what I mean is any entity, really — including critical infrastructure. A few months ago, I mentioned that I both hate and love ransomware. That is because in the 'old' days, hackers would just throw their attacks at the wall and hope that something would stick, just like with CD Projekt Red. But nowadays, a group of people may get together to plan a specific attack on a specific target. Will they attack Rupert Murdoch? Or an entire hospital? Or a network of electric vehicle chargers? Who knows!

Protip if you're a big organisation of some kind: why don't you have a cybersecurity department? Sorry that was more of a question than a tip.

Protip if you're just a person: ransomware is completely unpredictable and not always good/bad. It can destroy lives, or improve them, depending on the target. Unfortunately, most of them are guided by whatever will get the biggest payout.

Thank you for reading this short stubby issue of Horrific/Terrific – I have a feeling next week I'll have time to get back to normal.


💌 Seeing as you're at the end of this week's Horrific/Terrific, I guess you enjoyed it. Please express gratitude by donating money to me so I can keep doing this. You can share opinions/submit news stories any time on my Twitter or email.