The Colonial Pipeline attack in 2021, which shut down pipeline operations and cut off fuel to millions of people, proved the impact that a single ransomware demand can have on an entire region. Since then, it is estimated that a business suffers a ransomware attack every 11 seconds, with resulting damages projected to cost $20 billion in 2022. Losses from ransomware go well beyond the ransom itself, even when it is paid: attacks cripple operations, cause revenue losses, and damage the brand. Globally, 81% of businesses are highly concerned about the risk of ransomware, but only 42% believe they have the proper staff to prevent an attack.
Loss of Revenue and Business Closure:
Revenue loss from ransomware often outweighs the payment of the ransom itself. 25% of those attacked are forced to close because they can no longer operate. FedEx reported a loss of $300 million in revenue after it was attacked in 2017. While attacks on large organizations like FedEx make headlines, businesses of all sizes are attacked and suffer significant losses. Company size has little effect on revenue loss because attackers comb through files and financial records before finalizing an attack, looking for any information that indicates the maximum amount they can extort. Globally, a full two-thirds (66%) of organizations reported a significant loss of revenue due to ransom demands.
Brand and Reputation Damage:
The damage to a company’s reputation is particularly concerning, and the resulting loss of revenue is difficult to calculate. Retail businesses see the largest revenue loss because of the direct impact on customers. In the Target attack of 2013, hackers stole over 40 million credit and debit card records, which malicious actors then sold on the dark web. This attack, and others like it, diminishes customer trust, particularly when customers’ own finances are affected. Target saw a 43% decrease in earnings in the quarter following the attack and has since worked tirelessly to restore confidence in its brand.
What About Paying the Ransom or Investing in Ransomware Insurance?
For many businesses, especially those with ransomware coverage, the thought of paying the ransom as quickly as possible to prevent revenue loss and secondary damages is all too appealing. However, neither paying the ransom nor having ransomware insurance makes an organization immune to these attacks or negative ramifications. Of companies who opted to pay the ransom, 80% were attacked again.
Research shows that those who pay the ransom often fall prey to double extortion: after the ransom is paid, further demands follow, typically blackmail threats to publish exfiltrated data. Payment only encourages the attackers and is no guarantee of recovering what was stolen. Even if a business regains access to its data, that data may be fully or partially corrupted. Of the companies that paid the ransom and regained access to their data, 46% found their data to be at least partially corrupted and unrecoverable.
In North America, ransomware attacks account for 41% of cyber insurance claims. These policies often fall short and do not cover the entirety of the damages. Of the victimized organizations that had cyber insurance in place, just 42% had even a portion of their losses covered. Cyber insurance policies may cover the ransom itself, but not the revenue loss or the damage to a company’s brand.
Defending Against Ransomware
Defending against ransomware is a never-ending arms race between security firms and malicious actors. The only sure way to defend your organization against ransomware is to prevent the attack from succeeding in the first place. To do so, your organization should follow industry best practices and maintain good security hygiene. Follow the guidelines published by government agencies such as NIST (National Institute of Standards and Technology) and CISA (Cybersecurity and Infrastructure Security Agency) and implement them across your business.
4 Areas to Protect:
- Endpoint: Ensure every device in your organization is secured with reputable endpoint protection and NGAV (next-generation antivirus)
- User: Implement regular security awareness training and phishing simulations to educate employees
- Network: Deploy a resilient firewall to prevent outside threats from entering your business’s network
- Data: Protect your data with regular backups using a secure offsite service to serve as a last line of defense if all else fails and data needs to be restored