This World Backup Day, it’s important to understand the whole cost of ransomware attacks. We all know ransomware attackers demand high sums of money to return data or free up systems that they’ve encrypted. The average payout to a hacker is now up to $84,000 per incident and is expected to rise – and that’s just the ransom cost! That doesn’t account for revenue losses during downtime, or the total cost of recovery efforts. When you take a holistic view of all of the costs associated with recovering from a ransomware attack, the numbers are staggering.
In the United States, we’ve seen some extremely costly ransoms paid out to cybercriminals:
- Riviera Beach, a city in Florida, agreed to pay $600,000 in ransom to recover civilian records that were encrypted in a ransomware attack.
- Just one week after the attack in Riviera Beach, another city in Florida, Lake City, was hit by a ransomware attack and had to pay $460,000 to regain control of their municipal computer systems.
- Jackson County, Georgia paid a $400,000 ransom to the Ryuk ransomware gang to recover their IT systems.
When it comes to recovery, we saw multiple examples across the globe of ill-prepared companies paying well into the millions as a result of having inadequate business continuity and disaster recovery (BCDR) strategies:
- Norwegian aluminum manufacturer Norsk Hydro took an estimated $70 million blow to their bottom line in lost production time after being hit by the Lockergoga ransomware strain.
- Danish hearing aid manufacturer Demant suffered over $90 million in lost production time and lost sales after having to shut down their entire IT infrastructure after a ransomware attack.
- International currency exchange provider Travelex was hit by a ransomware attack and, consequently, shares of the company plummeted 20% and investors sold $72 million of their shares.
- After being ravaged by a ransomware attack, the city of Baltimore, Maryland estimated that between delayed revenue and restoration costs, the attack cost them over $18 million.
One of the reasons ransomware attacks have been so successful is that cybercriminals have been evolving their attacks to outpace modern-day security measures. Strategies like targeting data backups and publishing them began to take off toward the end of 2019 and continued as the new year began. As the coronavirus pandemic unfolded, attackers began email phishing campaigns, posing as the World Health Organization to get unsuspecting victims to click through, and then encrypting their data.
As these attacks continue to evolve in complexity and severity, overall costs associated with ransomware recovery will also continue to get worse. This poses a particularly difficult problem for organizations that operate 24x7, as consumers expect them to be always on. Any downtime can cause loss of production, which results in disappointed consumers and impacts on revenue.
No sector is safe, but there are some that are more at risk than others. Healthcare is one of these industries because cybercriminals know patient data is highly valuable. If a doctor can’t access a critically injured or sick person’s medical records, they can’t deliver proper care. This isn’t just a hypothetical scenario, either. Hospitals have had to refuse care to patients as a direct result of ransomware, like the attack on the hospital system in Alabama last year, which forced them to close down and divert new patients to other care centers.
Government agencies have also been targeted by a high volume of attacks because many don’t have effective BCDR plans and often rely on legacy technology. Cybercriminals can easily disrupt emergency city services like police and firefighters in exchange for a ransom. This will be particularly important to be aware of as the United States is in the midst of an election season, and the onus will be on government agencies to be sure they’re prepared for the possibility of interference from hacking threats.
Preparing for this increase in threats
As the threat evolves and costs explode, now is the time for IT departments to take stock of their Business Continuity and Disaster Recovery plans and understand how much is truly at stake. IT managers should start by:
- Actively securing and managing access to systems and applications, while also centralizing security controls across vendors,
- Engaging users with training and communications about BCDR planning, roles and responsibilities, and
- Maintaining and testing BCDR plans routinely
It’s going to be crucial to take a multi-tiered approach to threat prevention, which means looking into services that seamlessly integrate detection, remediation, data backups and disaster recovery. Taking an approach like this not only helps prevent attacks, but also mitigates the impact they have if a company does find itself in the line of fire.
This is why Arcserve has aligned with Sophos to fully protect against cybercriminals looking to hold data hostage. By bundling Arcserve Appliances with Sophos Intercept X Advanced, we now offer a solution that has signature-based and signatureless malware detection, advanced artificial intelligence/neural network (deep learning), anti-exploit technology, and anti-ransomware technologies to deliver protection against the widest range of endpoint threats.