​Crawford fields enquiries over WannaCry hack – warns of supply chain risk

While current known attacks remain aligned to a traditional ransomware disruptive vector, it clearly spreads rapidly jumping vertically across systems so interconnectivity will need to be carefully considered.

Crawford & Company’s cyber claims experts are responding to calls from insurers and corporates looking to ascertain any potential exposure to the WannaCry cyber-attack last week.

With the risk of losses potentially escalating as the working week began, Paul Handy, Global Head of Cyber Risks said “WannaCry appears to be a relatively straightforward, but highly mobile, ransomware which has targeted outdated or legacy Microsoft XP systems – aligned to larger or government managed IT platforms.  Many of these organisations are self-insured or have high retentions, rendering primary exposures low in this instance.”

Paul goes on to say “Government agencies have warned of the indiscriminate nature of this attack. Microsoft provided a patch on Friday for systems but a new version of the ransomware was created as the hackers changed up. Meanwhile, there will also very likely be copycat style attacks, which will add complexity.”

“One other aspect to be aware of is supply chain risk,” says Paul. “This would normally be picked up under a cyber insurance policy and may lead to a number of notifications where outsourced operational systems are impacted. While current known attacks remain aligned to a traditional ransomware disruptive vector, it clearly spreads rapidly jumping vertically across systems so interconnectivity will need to be carefully considered.”

About Crawford & Company’s Cyber Response Solution

Crawford & Company provides a single point of contact and a 24/7 incident response platform to report cyber incidents with qualified incident managers helping insureds navigate through the complexities of a cyber incident from start to finish. Crawford manages access to a global network of crisis management service providers including legal, cyber extortion, public relations, I.T. forensic investigation, credit monitoring and forensic accountancy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: