Post-Ransomware Cost Review
Envista's Data Loss Consulting team was brought in by a carrier to confirm a ransomware attack and determine the cost to remediate the damage. The insured was a mid-sized manufacturing company that sustained a ransomware variant that encrypted production data as well as inventory and accounting information.
During a ransomware event, a virus changes user data by converting it into a non-usable format via encryption. Then, a "ransom note" message is displayed that offers to decrypt the data in exchange for a form of digital payment. A ransomware virus can move throughout a network and impact any connected resources including backups.
The goal of any investigation after a ransomware attack is to provide recommendations for fair and reasonable costs to restore the network to pre-loss condition. A Data Loss Consulting expert was tasked with determining whether equipment replacements or upgrades were necessary and evaluating costs related to maintaining or installing software.
Due to the ransomware issue, the insured was looking to replace their server, network, and workstation equipment following the attack and claimed $50,000 in damages, which also included overage charges related to the business' online backup software.
In this case, an Envista expert determined that the ransomware attack did not physically damage the equipment, so it could be wiped and re-loaded instead of replaced, therefore the cost of the claim was to reload infected equipment only and restore a backup once overage charges were paid on the backup system, which was approximately $25,000. This amount could restore the network to pre-loss conditions and support overage charges in the data backup system. As such, Envista helped save our client $25,000.
NOTE: In some ransomware cases, limited purchases of IT equipment do occur, such as drives to speed up the data recovery process and store the encrypted files in case decryption becomes available via the IT community. However, as the goal is to restore the network to pre-loss condition, replacement of equipment or upgrades to security and software are not typically covered.
Our experts are ready to help.