You've probably heard about the recent ransomware attack on Wootton Upper School and Kimberley College, both of which are part of the Wootton Academy Trust and are located near Bedford. A large amount of information was obtained, including student medical information, home addresses, and bank account information.
The attack was carried out by the infamous Hive Group, which contacted students and parents to inform them of what had been taken and that these data would be leaked if a £500,000 ransom was not paid.
Now for the twist: According to the Hive Group, this target was chosen because the group believes the Trust has cyber insurance worth £500,000. Are hackers actively seeking organisations with insurance coverage to pay them off? If this is the case, it is a fascinating development because, in theory, insurance should make an organisation more secure, not less.
It remains to be seen whether Wootton Academy Trust has cyber insurance or access to £500,000 that is looking for a new home. According to the party line, the Trust has no intention of paying.
The statement from the Hive Group is as follows:
“We are very well informed and precise in our operations, so we know that Wootton have cyber insurance that reaches £500k. If Wootton management decide to move on with their plan and refuse to negotiate, we are going to release all of the stolen data online for everyone to see. All of your child's private information will be online for everyone and for free. What's even more dangerous is that every single hacker will receive all of your personal identification information. You can imagine thousands of ruthless hackers coming after you and your children for some profit.”
Needless to say, releasing the data could be extremely damaging to a large number of people. We'll just have to wait and see how things progress.
Parties interested in the security of such organisations should always ask the following questions at such times:
- What can be done now to correct this situation?
- What could have been done differently to prevent this from happening?
- What can be done to avoid such occurrences in the future?
Whether or not a serious breach has occurred, the best course of action for any organisation is to bring in an expert to advise and assist in assessing the vulnerabilities so that a plan to harden defences can be developed. Organisations like the Hive Group are in it to make money; if your organisation is difficult to attack, they will move on to a less well-defended target.
It's similar to the old joke about running away from a grizzly bear: you don't have to be faster than the bear, just faster than the person you're with.