May 14, 2020(Last updated on May 14, 2020)
FedEx reported a 300 million USD loss in the first quarter of 2017, largely attributed to the cost of disaster recovery and system downtimes in the face of attacks. With total costs associated with ransomware crippling businesses, understanding ransomware attacks is the first step to prevention. The impact of the attack can be measured in monetary cost, the loss in productivity, additional expenses associated with fixing the vulnerability, and damages to reputation.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. A company or government body’s computer network is hacked, encrypted, and held hostage by cyber attackers. The bad actors behind the attack offer a decryption key for a sum, usually in the form of cryptocurrency.
While the name might seem to set these attacks apart from other cyber attacks that cause massive leaks of consumer data, ransomware attacks start out in much the same ways. Initially, they rely on large phishing campaigns, and wait to gain access to a network through an individual. We now see these cybercriminals finding new and more advanced ways to gain access to their victim’s networks. They’ll exploit stolen credentials and weaknesses in the cyber security infrastructure to gain access before beginning to encrypt as many PCs as they can to achieve the maximum impact.
Impact of ransomware
The impact from a ransomware attack can be wide reaching and swift. Organizations will find themselves immediately locked out of important documents and systems, or their entire networks in some cases. Productivity can grind to a halt for a few days up to a few weeks. Cyber Reason reported Colorado’s transportation department took two weeks just to get back their network and files with an additional two weeks to fully restore their operations.
If a hospital were to be the victim of a ransomware attack, it would struggle to treat patients until their network was restored. In fact, the wide-spread 2017 ransomware attack WannaCry, affected a third of the hospital trusts in the United Kingdom as reported in The Telegraph. In total, it is estimated that 19,000 appointments were potentially cancelled, including chemotherapy treatments and operations.
Cost of ransomware
The demand of payment is what sets ransomware attacks apart from other cyberattacks. The ransom can vary depending on the perpetrators executing the attack and the organization they are attacking. In general, the average ransom is around 10,000 USD in crypto currency.
Comparitech reports comprehensive statistics on ransom costs in the article 2018-2019 Ransomware statistics and facts. The cybercrime group that deploys the Ryuk ransomware attacks demands a ransom of 288,000 USD. The city of Riviera Beach, Florida found itself paying out 600,000 USD to recover its files after an attack in June 2019. Forbes.com reported that a South Korean web host paid, what is believed to be the largest known ransom, of 1 million USD to recover its network after 153 servers and 3,400 websites were locked in a ransomware attack.
More damages
The lump sum ransom payment is just the beginning of the costs associated with ransomware. Downtime costs vary depending on the length of the downtime and how many individuals are affected. There are additional costs an organization will incur from working overtime to restore their systems back to normal. This usually includes extra IT personnel brought in to restore the network and systems and to help clear the backlog. The city of Atlanta spent upwards of $3 Million on emergency contracts for consultants and crisis managers, totaling out to nearly $5 Million to help rebuild its network after it experienced a ransomware attack in March of 2018, as reported by comparitech. Infosecurity Magazine reports that 19 million GBP was lost initially as a result of systems being unavailable in the NHS WannaCry attack, but the total losses are estimated at 92 million GBP due to system and data restoration and IT support.
Beyond restoration costs there are additional quantifiable costs that can result from a ransomware attack or cyberattack such as law suits, investigations and downtime. One cost that can be hard to quantify is the cost lost reputation. Loss of trust often leads to loss of revenue. In Q1 of 2017, FedEx reported a 300 million USD loss in its earnings report which it largely attributed as being a result of the NotPetya ransomware attack, as reported by comparitech.
Having a proper disclosure plan and restoration strategy in place is essential. However, IT departments also need to have technical controls in place to minimize risk footprint. Data breaches are used to start a ransomware attack. These quick fixes can help prevent data breaches:
- Patch known bugs, don’t wait!
- Block the use of weak, previously leaked passwords
- Secure high-risk use cases such as password resets, encryption key recovery
- Verify users’ identities with MFA when calling the helpdesk