![[LOGO] Corvus Insurance by Travelers](https://info.corvusinsurance.com/hubfs/Corvus%20by%20Travelers%20Logos/CORVUS-Travelers-SML-POS-RGB.svg "[LOGO] Corvus Insurance by Travelers")
RISK PREVENTION CASE STUDY
Social Service Agency
Travelers detected a breach in a social service agency’s remote desktop tool, with the compromised account for sale on the dark web and at risk of enabling ransomware attacks.
![[PHOTO] Risk Prevention Case Study: Social Service Agency](https://info.corvusinsurance.com/hs-fs/hubfs/social_services_hero.webp?width=482&height=299&name=social_services_hero.webp)
Key Takeaways
![[ICON] Company Information](https://info.corvusinsurance.com/hubfs/manufacturing_icon.svg){kind=icon}
Company Information
Social Service Agency
![[ICON] Incident Type](https://info.corvusinsurance.com/hubfs/icon-cyber-inccidents.svg){kind=icon}
Incident Type
Security breach via remote desktop web access tool
![[ICON] Response Time](https://info.corvusinsurance.com/hubfs/personalized%20rapid%20response%20icon.svg)
Response Time
Within 30 minutes
![[ICON] Actions Taken](https://info.corvusinsurance.com/hubfs/risk%20prevention%20icon.svg)
Actions Taken
Rapid alert of breach, threat isolation and strengthened system defenses
![[ICON] Results](https://info.corvusinsurance.com/hubfs/compromised%20assets%20icon.svg)
Results
Avoided potential ransomware claim and maintained full operational functionality with zero disruption
Case Study Overview
For this policyholder, the Travelers Cyber Risk Services team identified a potential cyber threat
involving a compromised account on a social service agency's remote desktop web access tool. The threat actor had gained unauthorized access to the account and was attempting to sell it on the dark web for malicious use. Through rapid response and strategic intervention, Travelers experts were able to mitigate the risk and avoid a potentially catastrophic ransomware attack, saving the agency from significant financial and operational disruption.
The Challenge
Travelers was alerted to a breach involving a social service agency’s remote desktop web access tool. The compromised account was being marketed for sale on the dark web, suggesting it could be used for cybercriminal activities such as ransomware attacks. Given the high likelihood of financial and operational damage associated with these types of threats—ransomware attacks alone average $432,000 in losses per claim among organizations with less than $2B in annual revenue1—the urgency was clear. Travelers had to act quickly to prevent the incident from escalating.
Corvus by Travelers' Response
Upon becoming aware of the breach at 2:51 PM, Travelers cyber experts initiated a swift response, notifying the social service agency at 3:13 PM about the compromised account. By 5:00 PM, Travelers had helped the agency to engage with an Incident Response (IR) firm to assess the situation. Travelers also advised the agency to file a claim, which enabled the team to begin a thorough investigation and remediation process at minimal cost to the agency.
The Travelers Cyber Risk Services team coordinated with the agency to quickly contain the threat and prevent any further malicious activity. Their intervention included isolating the compromised account, strengthening system defenses and ensuring no additional breaches had occurred, all of which helped to minimize the potential impact.
Results
The quick and coordinated response resulted in significant benefits for the social service agency:
Ransomware Claim Avoided: Through Corvus by Travelers’ swift actions, the agency was able to successfully avoid significant disruption caused by IT systems being encrypted and data stolen.
Cost Efficiency: The investigation and remediation, which included the involvement of an IR firm, totaled $23,000 – a small fraction of the average cost of a ransomware attack.
Operational Continuity: The agency maintained full operational functionality with zero disruption.
This proactive collaboration between Travelers Cyber Risk Services team and the social service agency highlighted the value of quick action and expert guidance in preventing cyber incidents from escalating into full-scale crises.
Case study is based on actual situations, composites of actual situations or hypothetical situations. Resolution amounts are approximations of both actual and anticipated losses and costs. Facts may have been changed to protect confidentiality.
1NetDiligence Cyber Claims Study 2024 Report https://netdiligence.com/cyber-claims-study-2024-report/.