In our previous post, we discussed the anatomy of the Colonial Pipeline ransomware attack, the alarming new trends and techniques used by cybercriminals, and the new targets and tactics they are using to increase the effectiveness of their attacks. It’s important that the ransomware conversation includes the costs of these attacks – both financial and intangible – as well as the ethical dilemma of paying a ransom.
Cybercrime Magazine’s report for 2020 estimates global cybercrime damages for this year will exceed $6 trillion, of which $20 billion is directly associated with ransomware (a 57X increase over 2015). With increasing sophistication, frequency, and new targets, it’s not difficult to see the cost of ransomware will grow significantly year over year.
In reality, the worldwide cost of ransomware is much higher – in part because some organizations do not report when they pay ransoms. That said, the true cost of ransomware is not limited to just the cost of the ransom. It also includes the cost of lost productivity, brand damage, and remediation, as well as other costs both tangible and intangible. Combine these factors, and it’s clear that ransomware will be a challenge in 2021.
Bigger Impact, Beyond Money
In past years, Hillstone’s Security Research Team has seen many ransomware incidents, but most of them didn’t receive attention from the mainstream media. What has made the recent headline-making ransomware attacks so different from others? The answer: The targets!
For example, Colonial Pipeline is not just a private company, it is part of the nation’s critical infrastructure. The aftershocks from the ransomware attack on Colonial, an organization which supplies nearly half the fuel consumed along the East Coast, have reverberated throughout society. We are now concerned with fuel shortages and hoarding, shipment disruptions, and security of national infrastructure.
For most companies, the “soft” costs of a ransomware attack can easily be far greater than the cost of the ransom. For example, lost sales opportunities, dissatisfied customers, damage to the company’s reputation, shaken shareholder confidence, penalties for unmet contractual obligations, fines for non-compliance and the cost of attack remediation and recovery can quickly mount up into the millions of dollars.
To Pay or Not to Pay?
As a matter of principle, cybersecurity experts don’t recommend paying ransoms. The ransomware business would quickly disappear if nobody paid. However, for some highly targeted and very damaging attacks, the victim might have no other choice but to meet the ransom demands.
There is no golden rule on whether to pay a ransom or not because each case is different; however, consider these points:
- There’s no guarantee a company will receive a decryption key, or that it will work once received. These are cybercriminals, after all.
- Paying can open the door to more ransomware attacks. Once paid, the word gets around among cybergangs and others could try for another piece of the pie.
- If attackers exfiltrated data, consider it gone. There is little to no certainty about whether the data has been uploaded to the dark web or other sites.
- It perpetuates the ransomware problem. Once attackers have the money, they can invest it in more sophisticated attacks against organizations.
Some organizations feel compelled to pay. For instance, healthcare organizations or police departments, where human life or safety is at stake and restoring from backups would take far too long, need their data sooner rather than later. Other factors can impact the decision as well, such as whether the backups are up to date or whether operating system corruption requires a complete wipe-and-rebuild of multiple computers.
Of course, as a first line of protection against ransomware attacks, a backup and disaster recovery solution should be considered. These can help you deal with the aftermath of an attack. But what can you do to prevent a ransomware attack? There are a number of answers across endpoint and network protection that can be highly effective against ransomware attacks. We’ll discuss them in our next post.