SegurCaixa Adeslas headquarters. EFE

SegurCaixa Adeslas has been fighting against him for six weeks ransomware. A cyberattack detected on September 9th completely digitally shut down one of the largest insurers in Spain – the first in non-life insurance in relation to the size of its premiums and market share, according to the Statista portal. Computer systems, such as those that manage medical test authorizations and user policies, stopped working from one day to the next. According to an internal communication from the company, it will not be until next Friday when it recovers its activity to 100%. Along the way, during this month and a half, internally and externally, he has faced a very delicate situation.

So long without returning to normality is in itself a symptom of the extent of the kidnapping. As Alfredo Reino, an expert in cybersecurity, explains, there is never absolute protection, but this cyberattack has shown that it has caught SegurCaixa Adeslas by surprise. “Their prevention systems have not worked. This comes at a brutal cost. The backups have not been enough and you have needed to create new infrastructures. All these weeks, in which they are recovering and putting everything into operation, imply both a loss of business and stress within the company ”, he says.

At a time like the present, of teleworking and digital migration, running out of tools on-line makes it difficult to offer the usual services. Official sources of SegurCaixa Adeslas apologize for the delays caused and reiterate that they adopted the necessary measures to prevent a further spread of the attack. “All potentially affected services and communications with the Internet were closed, due to a criterion of prudence and responsibility. This strategy implied the readjustment of certain processes ”, detail these same sources.

For users, the translation of the blackout has been none other than bureaucratic problems and serious difficulties in enjoying their policies. As one of them claims, getting a date became an odyssey for weeks. “They told me that their servers were not working, that they had suffered an attack. That I gave them my information and they would call me, “he says. In his case it was for a series of dental treatments that he could not fix for a few specific days. He even came to the clinic since the insurance company did not call him. “They answered that they were still blocked, that I would give them my data again and they would call me. They haven’t, so I’ll go back to the clinic to get my appointment. “

For Maria (not her real name), the situation was more delicate. With a risky pregnancy, she didn’t know if the hospital that had treated her for almost nine months would allow her to give birth. The policy she had ended on September 30 and she was out of accounts at the end of October. I wanted to renew the services, but the only answer I got from SegurCaixa Adeslas was that they could not confirm this renewal because they lacked access to user files. “I went to the offices several times. There were the employees with paper and pen pointing. They could only take note of what I told them. They told me they would call me, but nothing. I went back several times and they always answered the same thing. Luckily, last week I managed to solve it ”.

Internal stress

From the inside, the insurer has experienced constant stress since that disconnection on September 9 until now. Internal sources acknowledge that the information technology and business continuity departments have worked 12-hour shifts, Monday through Sunday. They also recognize that it is not being easy to get back to normal. “We are saturated. With the pandemic, we had to spend more hours, but with the attack everything has become even more complicated. We are very nervous. We cannot consulate policies or access the information of the insured. Day to day is very complicated ”, these same sources say.

Officially, the company guarantees that it has not paid any ransom and that no sensitive information is in the possession of cybercriminals. “The company has been the victim of an attack carried out by criminals and does not enter into negotiations with those who base their pressure strategy on the impact on the company’s reputation,” argue official sources. In recent months, attacks by ransomware they have intensified in Spain. Another insurer like Mapfre and the computer systems of several hospitals have been hijacked by digital mafias.

Although it is not confirmed, cybersecurity experts point out that it is quite evident that SegurCaixa Adeslas has been attacked with Revil, belonging to a new family of ransomware used by Russian cybercrime. For the Kingdom it is relevant because it shows a new trend in these crimes. The usual thing was that they encrypted the data and asked for a ransom to release it, but their modus operandi has changed substantially. “Those behind Revil have a page on the dark web where they publish which companies do not pay. Even there the seized information is auctioned. They are diversifying the activity. It is no longer just extortion, but a kind of marketing ”, ditch.

Cyber ​​attacks by ransomware they are more and more everyday. According to the latest IBM study in this regard, they cost an average of 3.7 million euros to organizations and 10% use the policies contracted with the intention of covering all derived expenses. SegurCaixa Adeslas has not quantified the damage caused, but the consequences have been obvious. He is already facing the final stretch of his return to everyday life, at which time he will see what has failed. “The sooner you detect an attack, if you respond at that moment, the impact will be less. And this translates into less time to resume your activity and fewer losses, ”concludes Reino.

