Cyber Incident? Get Help

CASE STUDY

Manufacturer gains decryption keys — without paying the ransom

Manufacturer working on steel workshop

Industry

Manufacturing

Background

  • Employees: ~500

  • Coverages: Ransomware, Breach Response, Business Interruption

A large manufacturer suffered a ransomware attack with a $1.2M demand to provide the decryption key. They reported the incident to Coalition¹, and we immediately engaged breach counsel and an incident response firm to investigate and respond to the incident— they selected Coalition Incident Response (CIR).² ³

The manufacturer had hoped to restore from backups to get their systems running again, but they didn’t have viable backups. Unable to operate without access to their systems, they were projecting losses of $1M per day and were seriously considering paying the ransom — that is, until CIR suggested an alternative idea.

CIR contacted law enforcement in search of a decryption key for this specific ransomware variant. Fortunately, a decryption key was available and, after testing it in a controlled environment, CIR delivered the key to the manufacturer. Within a day, they decrypted their systems and promptly resumed business.

Thanks to Coalition’s cooperative effort with law enforcement, the manufacturer successfully avoided a seven-figure ransom payment. Their Breach Response and Business Interruption coverages handled the cost of forensic investigation, notification, breach counsel, data mining, and business interruption.

Coalition¹ brings together active monitoring, incident response, and comprehensive insurance to solve cyber risk. To learn more, visit coalitioninc.com.

2. Breach response included the engagement of an incident response firm; the insured selected Coalition Incident Response. 3. The claim scenarios described here are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.