Unless you have been isolated from contact with any media outlet for the past several years, you have heard the term ransomware. It is a particularly nasty form of malware that attacks enterprise data resources. As ransomware attacks continue to increase, so do the direct and hidden costs to their victims. This article will take a look at the price paid by the targets in the aftermath of a ransomware attack.
What is Ransomware?
A ransomware attack encrypts an organization’s data and holds it for ransom. The criminals make financial demands and usually want to be paid in cryptocurrency. A ransomware gang promises to provide the decryption keys necessary to access the stollen data after payment is made. Victimized organizations have no guarantee that they will ever get their data back. After all, they are negotiating with criminals.
Ransomware attacks are often initiated by organized groups that have selected their targets very carefully. The ideal victim has business-critical systems and sensitive data resources that can both be impacted by the gang’s dedicated malware. A stealthy phishing campaign may be conducted to try to introduce ransomware into the targeted network.
Historically, ransomware confined itself to a single form of extortion by encrypting files and demanding payment. Organizations with superior disaster recovery skills and procedures could, theoretically, ignore the threat of ransomware. Businesses that could rapidly recover the affected systems would be immune to ransomware attacks, thwarting the efforts of the cybercriminals.
In another example demonstrating the ingenuity of the criminal class, the stakes in ransomware attacks have been raised. Double extortion attacks now threaten to sell or auction exfiltrated sensitive data assets as further incentive for the victimized organization to pay the ransom demands. These types of attacks complicate security measures and make it vitally important to keep the computing environment free of malware.
Direct Costs of Ransomware
There are multiple direct costs associated with a successful ransomware attack. The average cost of ransomware remediation rose to $1.85 million in 2020. This fact highlights the importance of stopping potential ransomware attacks before they have a chance to infect an organization’s systems.
Data Recovery Costs
The first thing an enterprise needs to do when hit with a ransomware attack is to recover its lost data. Depending on the scope of the attack and the disaster recovery policies in place, the time and expense required to accomplish this task can vary widely.
Costs fluctuate based on factors such as the ability to recover in place rather than requiring an alternate site, the availability of backup media, and having a technical team on-hand that can perform the recovery. The quality of a company’s disaster recovery preparedness influences its capacity to quickly restore access to affected data resources and systems.
System downtime is directly related to an organization’s data recovery capabilities. The longer it takes to restore ransomed data, the more time-critical systems are unavailable to customers and internal users. The cost per hour varies according to the specific applications that are down, but it’s safe to say that every minute counts when business-critical systems are unavailable.
The ramifications of system downtime are not confined to lost finances and productivity. Concerns and confusion surrounding the COVID-19 pandemic have inspired successful ransomware attacks against healthcare organizations. A woman in Germany died because of healthcare systems that were down due to a ransomware attack. As attacks against the healthcare industry and essential infrastructure components increase, we are likely to see more instances of injury and death attributable to ransomware.
As an alternative to recovering the affected systems and withstanding the associated downtime, the demands of the cybercriminals can be met immediately. Over half of victimized companies paid the criminals to restore access to their data.
Even after payment has been made, many organizations find their data resources have been corrupted or are not complete when access is restored. There is no recourse for companies that find themselves in this situation. They are simply out of luck regarding the lost or corrupted data.
4 Hidden Costs of Ransomware
Ransomware, especially when conducted using the double extortion approach, has many hidden expenses that can be more damaging to victimized businesses than the more obvious direct costs.
Identifying and Remediating Exploited Security Flaws
In the aftermath of a successful ransomware attack, the targeted organization needs to identify how the malware was introduced to the network so proactive measures can be taken to prevent its recurrence. This can involve an extensive and expensive postmortem to isolate the security flaws that need to be addressed.
A heightened focus on employee training will be required to minimize the chances that successful phishing campaigns will deliver ransomware. The costs associated with this activity involve lost productivity and the price of training materials.
Exposure of Personal and Sensitive Data
Exposing protected data risks penalties for failing to comply with regulatory standards like those of the General Data Protection Regulations (GDPR) or Health Insurance Portability and Accountability Act (HIPAA). These fines can be quite expensive and add substantially to the cost of a ransomware attack.
In addition, services may need to be offered to customers whose information has been compromised. Credit monitoring and identity protection for a large number of affected customers can quickly add up. Follow-up audits to address HIPAA compliance failings will occupy otherwise productive time and require additional monetary expenditures.
Loss of Customer Confidence
One of the most expensive hidden costs of a ransomware attack is a company’s loss of customer confidence. This is especially true when customers’ personal data has been compromised and they need to take action to protect themselves from further damage like identity theft.
Customers trust an organization to protect their information and do not appreciate it being compromised. The availability of multiple solutions for just about anything means customers can easily find alternatives to a business they don’t trust. Once they have moved on, it is extremely hard to attract them again. This is why safeguarding the privacy and security of customers’ personal and sensitive data is vitally important.
Damaged Corporate Reputation
In addition to reduced customer confidence, the overall corporate reputation of companies impacted by ransomware can take a hit. Potential partners may be reluctant to conduct business with an organization that is susceptible to ransomware. A company may need to offer proof that it has addressed its security shortcomings to attract new business.
The long-term and subtle effects of a ransomware attack on a company’s reputation can linger for years and hinder its attempts to meet business objectives. For some customers, trust that cannot be repaired will result in them finding alternative solutions.
Is It Worth the Risk?
The direct and hidden costs of ransomware should not be underestimated. While any organization is potentially at risk, those that store and process sensitive and personal data offer criminals more valuable targets and should implement more vigorous defenses. The initial expense necessary to recover data and restore system availability may be dwarfed by the long-term damage done to customer confidence, data privacy, and company reputation.
Double extortion attacks are extremely dangerous and need to be addressed before they reach valuable targets. The costs involved with preventing ransomware will prove to be an intelligent investment by saving your organization from the direct and hidden damages caused by a successful attack.