cbc.ca - The insurance company did not cover any of the city’s claims totalling about $5 million. City staff say they've learned from their mistakes and are taking accountability for the cybersecurity breach.
Many City of Hamilton departments didn't have multi-factor authentication in place before cyber criminals launched a massive ransomware attack in February 2024, paralysing nearly all municipal services for weeks.
Multi-factor authentication, also sometimes in the form of two-step verification, is a widely used layer of extra security for users logging into a system like their email accounts. They're required to verify their identity using more than one method, such as entering a code texted to their phone.
It's been used by corporations and technology companies for years. Google, for example, launched its two-step log-in system in 2011.
While not the only reason the attackers were successful, the city's lack of multi-factor authentication was a "root cause" of the breach, as determined by the city's insurance company, said a staff report to the general issues committee Wednesday.
As a result, the insurance company did not cover any of the city's claims totalling about $5 million.
"This has been a test of our system and a test of our leadership," said Mayor Andrea Horwath at a news conference Wednesday. "We are not sweeping this under the rug. We are owning it, we're fixing it and we're learning from it."
The lack of multi-factor authentication, and no insurance coverage, was reported publicly for the first time this month.
The staff report said: "According to the policy, no coverage was available under the policy for any losses where the absence of MFA was the root cause of a cyber breach."
Solicitor Lisa Shields told councillors Wednesday that staff were aware of the multi-factor authentication requirement in their insurance policy in the fall of 2022 and began rolling out a pilot program the following year, but for only a few departments.
In early 2024, the city was preparing to fully implement multi-factor authentication, but then the ransomware attack took place on Feb. 25, said Cyrus Tehrani, acting chief information officer.
He told reporters that — contrary to what the insurance company found — the breach would've happened even with multi-factor authentication in place. The city also told CBC Hamilton in an email that it was a "highly sophisticated attack on an external, internet-facing server, gaining unauthorized access to the City of Hamilton systems."
Attackers demanded $18.5M in ransom
About 80 per cent of city systems were impacted and the attackers demanded the city pay $18.5 million to unlock it — a massive crisis and among the most significant in Canada, city manager Marnie Cluckie told councillors.
Based on advice from outside experts, the city decided not to pay the ransom and instead recover what it could and rebuild everything else. The police investigation is ongoing, Cluckie said.
To date, the city has spent $18.4 million and will continue to pay nearly $400,000 a month until November 2026 to rebuild its systems, said Mike Zegarac, general manager of finance.
tomshardware.com - A leading mobile device insurance and service network has initiated insolvency proceedings in the wake of a cyberattack. Selling properties and cutting staff numbers wasn't enough to save the business.
The Einhaus Group was once a familiar name, with its services available through 5,000 retail outlets in Germany and an annual revenue of around 70 million Euros.
A leading mobile device insurance and service network has initiated insolvency proceedings in the wake of a cyberattack. Germany’s Einhaus Group was targeted by hackers in March 2023 and is understood to have paid a ransom(ware) fee of around $230,000 at the time, according to Wa.de and Golem.de (machine translations). However, the once large and successful company, with partnerships including Cyberport, 1&1, and Deutsche Telekom, struggled to recover from the service interruption and the obvious financial strains, which now appear to be fatal.
The ides of March
In mid-March 2023, Wilhelm Einhaus, founder of the Einhaus Group, recalls coming into the office in the morning to witness a ‘horrific’ greeting. On the output tray of every printer in the office was a page announcing, “We've hacked you. All further information can be found on the dark web.” Further investigations revealed that the hack group 'Royal' was the culprit. They had encrypted all of Einhaus Group’s systems, which were essential for the day-to-day running of the business. 'Royal' demanded a ransom payment, thought to be around $230,000 in Bitcoins, to return access to the computers.
Of course, with operational systems down, there was an immediate impact on Einhaus. The police were involved promptly. However, the affected firm seems to have decided to pay the ransom, as it could see business losses/damages piling up – meaning continuing without the computer systems was untenable. Einhaus estimated that the hacker-inflicted damage to its business was in the mid-seven-figure range.
koreaherald.com - Seoul Guarantee Insurance, South Korea's largest provider of guarantee insurance, has been crippled by a ransomware attack, with its core systems offline for a third straight day.
The incident began early Monday, when SGI reported an “abnormal symptom” in its database system. By Tuesday afternoon, a joint investigation by the Financial Supervisory Service and the Financial Security Institute confirmed it was caused by a ransomware breach.
As a pivotal player in Korea’s guarantee insurance industry, SGI’s disruption is generating widespread confusion and inconvenience. The insurer provides guarantees for both individuals and corporations, with a guarantee balance of 478 trillion won ($344.4 billion) as of end-2024.
The impact is particularly severe in the housing market, where many rely on guarantee insurance for the “jeonse” rental system, where renters pay a large, refundable deposit in exchange for no monthly rent. SGI is one of the leading providers in this space, offering the highest cap on jeonse loan guarantees at 500 million won, compared to 200 million to 400 million won from other institutions.
While some services have been restored through cooperation with financial institutions, SGI’s main data system remains inoperative as of Wednesday morning. In urgent cases, the company has resorted to issuing handwritten guarantee certificates to minimize disruption.
Starting Wednesday, the insurer is operating an emergency center to collect reports of consumer damage and support recovery. “We vow full compensation and are planning responsible follow-up measures,” said SGI President and CEO Lee Myung-soon.
This is the first full-system disruption at a Korean financial institution caused by a ransomware attack and a second such case involving a Korean company this year. In June, major online bookstore Yes24 experienced a five-day outage and an estimated 10 billion won in lost sales due to a similar breach.
The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.
The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace.
Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.
Lloyd’s of London will require its insurer groups globally to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies starting next year.
Marsh analysis, insights, and ideas, regarding new cyber insurance policy exclusion language related to war, cyber war, cyber operations, and catastrophic risk.
Merck & Co.‘s victory in a legal dispute with insurers over coverage for $1.4 billion in losses from malware known as NotPetya is expected to force insurance policies to more clearly confront responsibility for the fallout from nation-state cyberattacks.
