A new report has found that the average cost of recovering from a ransomware attack is US $1.4 million (£1.1 million) for organisations that pay the ransom, but US $730,000 (£593,000) for those that do not. Roughly a quarter of victims admitted to paying up.
It seems, therefore, that organisations which pay off the cyber-criminals can end up roughly doubling the cost of sorting out a ransomware attack.
The survey, produced for Sophos’ State of Ransomware 2020 report, puts the average cost of tackling the effects of such an attack, including business downtime, lost orders and operational costs but excluding the ransom itself, at over US $730,000 (£593,000).
Ransom
That average rose to US $1.4 million (£1.1 million), almost twice as much, for organisations that went on to pay the ransom.
Just over half (51%) of organisations had experienced a ‘significant’ ransomware attack in the previous year, down from 54% in 2017. Data was encrypted in nearly three quarters (73%) of the attacks that succeeded. More than a quarter (27%) of organisations hit by ransomware admitted to paying the ‘ransom’.
Recovery
It also found that over half (56%) of the IT managers surveyed recovered their data from backups without paying the ransom at all. In a small number of cases (1%), paying the ransom did not result in any data being recovered; this rose to 5% for public sector organisations. Overall, 13% of the public sector organisations examined never succeeded in restoring their encrypted data, compared with 6% of organisations as a whole.
Public Sector
Perhaps surprisingly, the public sector was the least affected by ransomware, with only 45% of the organisations in that category reporting a ‘significant attack’ in the previous year. Worldwide, media, leisure and entertainment businesses in the private sector were the most severely affected, with 60% of those surveyed reporting attacks.
Backups
Corey Nachreiner, CTO of WatchGuard Technologies, explained that organisations without proper backups have, sadly, only a limited number of options.
“You can try to rebuild what was lost from scratch, look for other areas where you may have kept copies and follow security sites and companies that sometimes crack or unveil ransomware decryptors. However, there is no guarantee this will occur. So, if you have really lost the data you may never, ever get it back, unless you pay (not always exactly guaranteed), so the act of preparing for ransomware ahead of time is absolutely crucial,” he cautioned.
Good practice
Safi Raza, Director of Cyber-security at Fusion Risk Management, advised that keeping multiple copies of backups is particularly good practice.
“Many cloud storage locations now offer real-time data backups with copies distributed across various data centres. Using a unique and robust authentication system will also help secure the backups. Another option is to utilise offline storage,” he outlined.
Raza concluded that prevention is the key to dealing with ransomware. “Network segmentation, an effective patch management policy, reliable IDS and IPS technologies, periodic security awareness training and secure offline backups are just a few of the methods that can be employed to prevent future attacks.”
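As an added illustration, not code from the article, from Sophos or from the people quoted, the following Python script shows the part of backup hygiene that the recovery figures above hinge on: telling which backup copy is still clean after an attack, and proving it can actually be restored. It assumes a SHA-256 manifest of the data taken while it was known good and kept with the offline copy; the directory layout, file contents and the single-byte XOR scramble standing in for ransomware are all constructed for the demo.

```python
"""Backup verification and restore drill against a known-good manifest.

Added example; not from the article. The manifest is an assumption: it is
built while the data is known good and must be stored with the offline
copy, because a manifest left on the live share gets encrypted along with
everything else.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict[str, str]) -> list[str]:
    """Compare a backup copy against the trusted manifest.

    Returns a list of problems ("missing: <path>" or "modified: <path>");
    an empty list means every file is present with the expected hash.
    Extra files in the backup (such as a dropped ransom note) are not
    flagged here, because only the manifest's files are walked.
    """
    problems = []
    for rel, expected in manifest.items():
        f = backup_root / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")
        elif hashlib.sha256(f.read_bytes()).hexdigest() != expected:
            problems.append(f"modified: {rel}")
    return problems


def newest_clean_generation(generations: list[Path], manifest: dict[str, str]) -> Optional[Path]:
    """Return the most recent backup generation that still matches the manifest.

    `generations` is ordered oldest to newest. A copy taken after the
    encryption started fails verification, so walk backwards until one passes.
    """
    for gen in reversed(generations):
        if not verify_backup(gen, manifest):
            return gen
    return None


def restore_drill(backup_root: Path, manifest: dict[str, str], restore_to: Path) -> bool:
    """Restore a backup to a scratch location and verify the result.

    This is the drill that proves a backup is usable before it is needed.
    """
    shutil.copytree(backup_root, restore_to, dirs_exist_ok=True)
    return verify_backup(restore_to, manifest) == []


def simulate_encryption(root: Path, key: int = 0x5A) -> None:
    """Constructed stand-in for ransomware: overwrite every file in place with
    a single-byte XOR scramble (not real cryptography) and drop a ransom note."""
    for p in list(root.rglob("*")):
        if p.is_file():
            p.write_bytes(bytes(b ^ key for b in p.read_bytes()))
    (root / "READ_ME_TO_RECOVER.txt").write_text("constructed ransom note\n")


def demo() -> dict:
    """Run the whole scenario in a temporary directory and return the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        live = base / "fileshare"                      # constructed sample data
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2020-01-01,100\n")
        (live / "README.txt").write_text("constructed sample data\n")

        manifest = build_manifest(live)                # taken while known good

        gen1 = base / "backups" / "gen1"
        shutil.copytree(live, gen1)                    # clean copy, before the attack

        simulate_encryption(live)                      # attack hits the live share
        gen2 = base / "backups" / "gen2"
        shutil.copytree(live, gen2)                    # automated backup after the attack

        chosen = newest_clean_generation([gen1, gen2], manifest)
        restored_ok = chosen is not None and restore_drill(chosen, manifest, base / "restore")
        return {
            "gen1_problems": verify_backup(gen1, manifest),
            "gen2_problems": verify_backup(gen2, manifest),
            "chosen": chosen.name if chosen else None,
            "restored_ok": restored_ok,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly and the post-attack generation (gen2) fails the hash check on every file while gen1 passes and restores cleanly. The two practical points it makes are the ones behind the 56% figure above: a backup only counts if a restore has been proven to work, and an automated backup that ran after the encryption started is worthless, which is why both the manifest and at least one copy need to sit where the malware cannot reach them.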
Capitulation
The findings of this survey make fascinating reading. They are seemingly counter-intuitive, and they clearly suggest that ‘capitulation’ is not necessarily the most cost-effective course of action following a ransomware attack.