IOTW: A Pennsylvania County Pays Ransomware Ransom Covered Under Insurance Plan

Add bookmark

Seth Adler

Delaware County, Pennsylvania, agrees to pay a $500,000 ransom after being hacked by DoppelPaymer ransomware.


Delaware County, Pennsylvania, moved some of its network offline the weekend of November 21st after discovering a security breach. Delaware County released the following statement regarding the attack: "The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems." 

Local media reports list payroll, police reports, and purchasing reports as a few of the systems that were encrypted by hackers. In response, Delaware County made the decision to pay the $500,000 ransom. The county has cyber security insurance and will be minimally impacted by the hack financially.

Pennsylvania has been the target of several lawsuits from the Trump campaign alleging voter fraud which were rejected by Pennsylvania’s high court. However, the lawsuits have sprouted disinformation campaigns that are taking hold with various success across the nation. Delaware County addressed the election insecurities in regard to the attack, stating, “The Bureau of Elections and Emergency Services are separate computer networks from The County of Delaware and there is no evidence they were impacted by the disruption.”

Related: What Is The Last Thing To Do Before The End Of The Year?

The county is working with forensic specialists in an ongoing investigation and promises to update its residents when the investigation is over.

Lessons Learned

There is an ongoing debate on whether or not ransoms should be paid to cyber criminals. In the case of Delaware County, their cyber security insurance covered the hefty fee. In return, encrypted systems critical to running the county were decrypted quicker—and possibly cheaper—than they would have been had they hired outside experts to decrypt the systems.

Still, every successful ransomware attempt lines the pockets of hackers, who often reinvest a portion of their profits into further advancing their schemes. It also emboldens cyber criminals to target likely carriers of cyber insurance, including government and healthcare agencies.

Related: Adding Incident Response Containers To The Cyber Security Tool Belt

In other words, paying cyber security insurance is a double-edged sword. A March 11 report released by Deloitte uncovered that, “For every dollar in premiums collected from policyholders, insurers paid out roughly 35 cents in claims, making cyber insurance nearly twice as profitable as other types of insurance.” Not paying the ransom, especially for holders of insurance, can feel like a bad business move, but such a decision may be short sighted.

Quick Tips

In the same Ransoming Government report, Deloitte offers a third option: “Building well, operating well, and responding well.”  

  • Building well is a first line of defense. A well-built systems architecture compartmentalizes and manually backs up mission-critical data.
  • Operating well entails risk mitigation through proper cyber security hygiene. Examples include regular system updates and timely application and security patches. Additionally, investments must be made toward ongoing staff training and evaluation.
  • Cyber incidents aren’t ever 100% preventable, so every good cyber security plan needs a holistic response strategy. Constantly deploying new technologies to combat and remediate cyber attacks ensures that response technology is as up to date as possible, utilizing powerful new tools such as AI and ML. Additionally, building a network of cyber security knowhow and experiences helps to shine a light into the shadows. By sharing and reporting cyber security incidents, enterprises and governments can work together to get to the bottom of new schemes and prevent them from running rampant.

It is possible that dependence on cyber security insurance will have a negative blowback effect. If ransoms continue to be successful, ransom rates will continue to increase. If ransom rates continue to increase, insurance policies may enact certain prerequisites and increase rates. Thus, it is advantageous for all parties to do their best toward thwarting and mitigating ransomware attacks.

Read More: Incident Of The Week