Tokio Marine Insurance Singapore (TMiS), one of Tokio Marine Group’s companies in the country, was recently a victim of a ransomware cyber-attack. Investigations are currently ongoing, and the details of the attack and the extent of the damage is still unclear.
TMiS revealed that upon detection of the attack, all the necessary measures were taken – including the isolation of the network to prevent further damages and filing of the reports to local governmental agencies.
The company also said there has been no indication of a breach of any customer information nor confidential information of the Group, and that an external specialised vendor has been appointed to perform a third-party analysis of the systems to verify the scope of the attack.
“Any organisation should begin the response to a ransomware long before the attack in the form of preventative measures, backups and an incident response plan,” remarked Ian Hall, Head of Client Services, APAC, Synopsys Software Integrity Group on the incident. “The preventative measures have been bypassed so the incident response plan should be put into action where they will need to assess the two options – whether to recover the data and systems using backups or to pay the ransom.
“The assessment on which option to take has many different factors – the downtime needed to restore backups, the cost of the downtime, the cost of the ransom, the trustworthiness of the attacker (if it can be called that),” Hall said.
“Enterprises must remember that even if the ransom is paid, it does not mean that the data, or even part of it, will actually be decrypted. There are even known cases where attackers have bugs in the codes so that the organisation cannot recover the data even if they wanted to,” said Prakash Bhaskaradass, Director for Growth Technologies, Check Point Software Technologies