With an alarming increase in ransomware attacks plaguing the collision repair industry, cybersecurity has become an important topic for shop owners to learn about for the safety of their businesses.
Ransomware attacks are a type of cybersecurity risk in which someone seizes control of an organization’s computer system or digital information and agrees to release it only after a ransom has been paid.
Ransomware is typically spread through phishing emails with malicious attachments or through visits to an infected website, but shops have also been hacked through open ports. After infecting the victim’s system, the ransomware virus encrypts every data file it finds and displays a demand for ransom, usually in untraceable cryptocurrency, in exchange for the decryption keys needed to restore the locked files. Failure to pay the ransom leads to those keys being discarded, which makes the data permanently inaccessible.
One component of ensuring a shop is protected involves acquiring and maintaining adequate insurance. In Autobody News’ August edition, David Willett, general manager of the automotive industry at Intrepid Direct Insurance, shared, “This is happening to other industries, but it’s becoming more frequent in our industry. The number of automotive repairers with cyber risk coverage in their garage insurance package is growing but still represents a small percentage.”
Most experts do not recommend paying the ransom since there’s no guarantee that the hacker will restore the files or that they haven’t already gleaned information for nefarious purposes. If paying the ransom is the only choice, be familiar with your insurance policy to know if cyberattacks are covered. According to an April report by the New York Times, many insurers have argued that certain cyberattacks tied to foreign governments aren’t covered under insurance policies due to the “war exclusion,” which prevents insurers from paying for costs related to damages caused by war.
“The normal ransomware provision pays for rebuilding the system and database, which can take 30 days or more. It doesn’t reimburse or pay the actual ransom request (usually bitcoin), which offers an immediate fix,” Willett stated. “Intrepid’s provision pays for the ransom request because it was designed for what’s actually happening in the industry, and we plan to continue strengthening it for our customers’ protection.”