Cyber Attack Response

Centor Insurance

How we supported a large business – from attack to resolution...

DAY 1-2: Discovery

[{"selector":"#anim-30e0e03a-92d6-477e-81bc-1d619bd325b2","keyframes":{"opacity":[0,1]},"delay":20,"duration":1200,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-0f94bc12-b0ba-4be4-870a-271483a70bcc","keyframes":{"opacity":[0,1]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-6dc562f4-5d22-4bcb-8285-b3d60eb4bb68","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-a694e3e8-a7c1-4936-bca4-da4df047257b","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-01bfc1e3-cc9b-432a-97bc-62609a5e7b89","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-69978e19-2f29-4c1a-965e-922ed7d72cdc","keyframes":{"transform":["translate3d(117.09091%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-fd94cfb9-911d-4450-a5a4-2473585ba4b1","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-2c6b45ae-c63f-4db2-9433-da6277a19979","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f7def99f-fabb-4c9b-8308-4f63c9012bc5","keyframes":{"transform":["translate3d(117.88322%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-c6b84365-46c4-4896-ac02-5feb13a6bf49","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b4fdbed5-f66d-48dc-aae4-788f85da6d79","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-849d895a-df4d-499d-a386-82dae0fbdca9","keyframes":{"transform":["translate3d(117.45455%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-cdf3aef0-bc39-4736-a79c-e0ccd3ad0f6f","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-68d11f2b-48f4-4e28-a438-c0f16c6f74d9","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-6d2a85cd-9847-43f2-8572-89c4d08fea5f","keyframes":{"transform":["translate3d(117.09091%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] The client contacted Centor about a potential cyber threat to their business. We contacted their cyber insurer, IT and a specialised media team, and coordinated a response. IT teams drilled down into the 'how' and 'why' of the attack. Their customers were told and business was temporarily halted.

DAY 3-7: Evaluation

[{"selector":"#anim-e45f2791-ab1a-44e5-ab2d-8fd8c38b0ff2","keyframes":{"opacity":[0,1]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-662b89a1-7ea6-4110-99cf-3af83462247e","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-941aeb64-7c54-4161-bafb-a5bc9257ca7a","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e53f80e3-a4ed-43eb-9477-a5948fc6182a","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5e59a8c9-c860-4f22-82fd-1870d887c3ec","keyframes":{"transform":["translate3d(117.09091%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-837268c3-5193-44e1-9b9b-33516aff94b1","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-a9ba9541-32e4-474b-8875-47f90135d36a","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-695fa2f3-c9a9-4f5f-915e-6c069136578d","keyframes":{"transform":["translate3d(117.88322%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-11c94da6-982d-4623-9403-db1b81bd7c3c","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-39465219-446b-4280-a69f-9187727fc233","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-a407afb0-7e80-408d-b50b-0bfe6748d6fc","keyframes":{"transform":["translate3d(118.18183%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-a0c5ccd3-25e7-48a9-a493-40e60cdd374c","keyframes":{"opacity":[0,1]},"delay":30,"duration":1200,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] The client's team evaluated the extent of loss and exposure. As the threat was deemed SEVERE, insurers were instructed to pay the ransom to the threat actors. The ransom was paid by their insurers in order to get their business OPERATIONAL again.

DAY 7-14: Discovery

[{"selector":"#anim-d82eabf3-27dc-49df-9600-6050980ed56d","keyframes":{"opacity":[0,1]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f10a5ce3-0f82-41c9-bffa-d12417955102","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-82469024-7e84-492c-84fb-6244eea1b876","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d27fcdae-5bec-4f71-b6b0-ee9b400a6b83","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-95a83a29-7bbc-4dd3-98ca-4143d8bb080b","keyframes":{"transform":["translate3d(117.09091%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-c64c62c5-de7f-4ddb-aad8-87e25d5b7bbc","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-268d08d9-c76d-4472-9e12-1fe886f13e62","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ff24ec61-dcbe-4d97-bdcb-739c9bd65021","keyframes":{"transform":["translate3d(117.51826%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4720db5f-4d8d-4d01-83ce-e47c81db2faa","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4590e02e-800c-46e6-a1bf-94e3bef6563f","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4d78bd98-5c57-446c-8769-d3dcb5e712c0","keyframes":{"transform":["translate3d(117.45455%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4fc2d6a0-5178-47e0-b81e-35c4d1a22784","keyframes":{"opacity":[0,1]},"delay":30,"duration":1200,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Once payment was made the threat actors relinquished control of the assets. The client got full control back and could start to trade as normal. Centor guided them through the entire process to ensure nothing was missed.

MONTH 1-6: Improvement

[{"selector":"#anim-27355496-9b1f-4652-91d3-5e60f7fe1592","keyframes":{"opacity":[0,1]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-598f831c-af44-4941-9b67-22a78e89fc6f","keyframes":{"transform":["translate3d(-114.55696%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1300,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4e9e3fd3-2247-4dc4-bc98-16ed5ebf488d","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b35f9107-e73a-4b0a-9225-15cb6f53094d","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-a1c067d4-9dc3-4159-b909-953e208bbcaa","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-3b186515-03c2-47ea-9b0f-dc67be3e2006","keyframes":{"transform":["translate3d(117.88322%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-41341edf-8028-4c05-b635-19181b0f3c8f","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-0949a9a3-0950-4ce6-8f24-d9cd1c4c4eb7","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-41ea43fd-3c11-423b-ad72-a08409b81e26","keyframes":{"transform":["translate3d(117.45455%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7fbfd4a9-5f26-488d-9767-6fcb3f075be4","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-edc6fc05-9c41-4576-bd08-85e8fb2bffef","keyframes":{"transform":["translate3d(116.13924%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e45af98e-de53-462f-a19d-d59dd4a9c367","keyframes":{"opacity":[0,1]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-daca027a-e659-40af-bfa3-23f3dbf1ed15","keyframes":{"transform":["translate3d(117.09091%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1500,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] BI claim reviewed and paid out in full by their insurer. Betterment clause was also paid, leading to better systems and responses. With the support of Centor, the client got greater protection and recovery, ensuring no permanent loss of business. The client is now fully operational and prepared for future cyber attacks.

Points to consider for cyber attacks

[{"selector":"#anim-cd2d2777-5994-4436-b049-2ef0db20e901","keyframes":{"opacity":[0,1]},"delay":60,"duration":1200,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e91d875b-9927-487b-9faf-05f3c8682483","keyframes":{"transform":["translate3d(-120.06803%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":60,"duration":1200,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5e2eff00-58d0-42e4-9c01-87c0d7b68019","keyframes":{"opacity":[0,1]},"delay":60,"duration":1200,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-38ed5612-8223-48aa-bee1-c140b0adc07e","keyframes":{"transform":["translate3d(113.79312%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":60,"duration":1200,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] Without a seamless strategy in place, and someone to drive it, it could have taken weeks to co-ordinate a cyber-attack response. And while that was being organised, the business would be unable to trade. If this had happened, the business would have failed.

What is the ROI OF CYBER INSURANCE?

[{"selector":"#anim-338abe56-7da3-42df-9896-694ec006c7fe","keyframes":{"opacity":[0,1]},"delay":30,"duration":1200,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b3e21f57-189f-42fa-a55d-7874865b5dfb","keyframes":{"transform":["translate3d(-114.87342%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1200,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-22de57d1-0936-4440-9f36-986c8ee6bc10","keyframes":{"opacity":[0,1]},"delay":30,"duration":1600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ee20bb3c-17e0-40c3-a8fb-6e7331f2c588","keyframes":{"transform":["translate3d(117.47573%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":30,"duration":1600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] In this cyber attack case, our client paid £25,000 toward their insurance to receive £650,000+ in professional support. That's an ROI of 1:26! Want to know more? Listen to our cyber podcast: Listen to our Podcast

If you are interested in discussing your cyber policy further, reach out to Richard Grainger today!

Richard Grainger Corporate Director 020 7330 8705

Centor Insurance