What is the cost of a ransomware attack?

Ransomware attacks are in the news almost daily. But what exactly is ransomware? And how much will a ransomware attack cost a business?

As we close out the year, it’s safe to say that ransomware attacks are now the norm. Over the last 11 months, threat actors have consistently demanded ransom payments that add up to hundreds of thousands of dollars or even millions.

In fact, we saw the highest ransom demand this year when the notorious REvil gang demanded a ransom of $70 million from Kaseya. Having said that, it’s important to note that the ransom itself only makes up a small percentage of the overall costs.

While major ransom demands continue to hog the headlines, we don’t hear about most ransomware attacks—many of which target small and medium-sized businesses (SMBs) and organizations. For SMBs, the recovery costs can be staggering and, at times, even crippling.

What is ransomware?

Ransomware is a category of malicious code, or malware, that infiltrates computers, devices, or networks and blocks access to critical data by encrypting files. The objective is to force the victim to pay a ransom in exchange for decrypting the files.

The pandemic and the rise of remote work have helped accelerate ransomware attacks by 148%. So, you can bet that ransomware will continue to plague businesses across industries in the new year.

Ransomware is evolving

Like the coronavirus, ransomware is rapidly evolving and now behaves differently than it used to. This makes it vital to adapt and adopt new methods to combat the threat. For example, it helps to incorporate real-time monitoring and behavioral analytics so that an intrusion is detected early.

You must also step up your efforts to proactively predict and anticipate risks, rather than waiting for an attack to happen and then responding. As attackers continue to compromise mobile devices and other endpoints, the stakes are higher than ever before.

Ransomware-as-a-Service (RaaS) is also on the rise. RaaS, like any software-as-a-service business model, enables affiliates to use advanced tooling to launch an attack without building it themselves. The decentralized nature of these operations also makes them difficult to shut down.

As the tools’ creators take a percentage of ransomware payments, the average ransom demanded by cybercriminals has also increased by as much as 33%. The owners of the RaaS usually make about 20% of the total ransomware payment. As such, with criminals operating like some of the leading corporations in the world, we can only expect it to get much worse.

While ransom payments can be significant, the true cost of a ransomware attack is harder to quantify. It must also account for downtime, device replacement, network remediation, lost opportunities, damage to brand reputation, and much more. According to Sophos, the total cost of recovery from an average ransomware attack added up to $1.85 million this year.

How to prevent a ransomware attack?

There are a few ways to mitigate the risk of a ransomware attack:

Train all staff regularly

As humans remain the weakest link in the security chain, training your employees regularly is vital to corporate security. Training helps them stay vigilant against social engineering attacks, and repeating it regularly ensures they stay up to date on the latest threats and develop a security-focused culture.

Regular cybersecurity training will help your employees identify suspicious communications. Whether it’s a social engineering attack via email or through an instant messaging platform, never click on suspicious links!

Enforce a Zero Trust security model

Always assume that your perimeter defenses will fail and take an active approach to securing your infrastructure. The zero-trust security model demands that you authenticate every device and user that attempts to connect to your network.

This means they have to be verified every time they connect, not just once. It’s also important to actively monitor your environment and control user access. This means that users should only have access to what they need to do their job and nothing else.

Have a disaster recovery plan and offsite backups

Always have a robust disaster recovery plan. It lets your team go right to work during an active security event, because everyone already knows what to do to stop the attack and prevent further damage.

Backups are critical to ensuring business continuity, so back up all sensitive and operational data so that your systems can be restored as soon as possible. It is equally critical to limit access to those backups, because ransomware gangs will be looking for them and will try to encrypt or delete them before triggering the ransom demand. Note, however, that backups can't help if the attacker has already exfiltrated the data and threatens to make it public.

Always use endpoint protections

Always scan incoming emails and filter them for malicious attachments and links. It is also crucial to keep your firewalls and endpoint protection tools updated with the latest malware signatures.

Use strong passwords and multi-factor authentication (MFA)

It goes without saying that password security is important. Always use strong passwords and enable MFA. This makes it harder for ransomware gangs to gain an initial foothold and lock up your systems.

Leverage encryption, always

If threat actors manage to steal your data, encryption is your last line of defense. You never know how an active security event will play out, so it helps to have all your bases covered before an attack happens.

Hire an ethical hacking service

Finally, one of the best ways to stay a step ahead of bad actors is to think like one. So, hire an ethical hacking service to identify potential vulnerabilities missed by your in-house security team.

Whether we like it or not, ransomware is rampant. We all need to take a proactive approach and consistently follow cybersecurity best practices to mitigate risk and ensure business continuity.

Do you need help securing your digitally transformed infrastructure? Download our cybersecurity checklist now!
