Stopping Ransomware Before It Starts

In 2020, ransomware attacks grew 7x or more — by 2025, at least 75% of IT organizations will face at least 1 ransomware attack.

More Than Just Ransom: Counting All the Costs

  • The true cost of ransomware attacks is up to $20 billion
    • Ransomware can halt business operations, costing up to 23x more than the ransom itself
    • The Cost Of Ransomware In 2019, Per Incident* 
      • Small to medium enterprises (SMEs) represented 98% of claims
        • Claims between $2,500 and $10.1M
        • Average claim: $424,000
      • Business interruption loss is commonly left out of the equation
        • For SMEs
          • Average cost: $1.2 million
          • Highest cost: $6.5 million
    • Small vs Large Business Breakdown
      • Small Business (less than $2 billion revenue): $143,000
        • Ransom: $453,000
        • Crisis services: $93,000
        • Business interruption loss: $215,000
        • Recovery expenses: $42,000
        • Incident: $373,000
      • Large Business (more than $2 billion revenue): $18.9 million
        • Ransom: $175,000
        • Incident: $275,000
      • According to Sophos, average ransom demands in 2020
        • Small Business (less than 1,000 employees): $108,000
        • Large Business (1,000 to 5,000 employees): $225,000
    • From 2020 to 2021, the total cost of ransomware increased by 243%
      • The costs of recovering from a ransomware attack doubled
      • The average ransom paid by mid-sized organizations was $170,404
      • The average bill for rectifying a ransomware attack was $1.85 million
        • Including downtime, people time, device cost, network cost, lost opportunity, and the ransom paid 
  • Ransomware Demands Are Tailored To Each Victim

Attackers adjust their demands to reflect their victims’ ability to pay, and the effort needed to breach their security

  • Large enterprises are more likely to be hit by ransomware
    • Higher ransom demands
    • More sophisticated attacks
  • Small businesses face more generic attacks
    • Lower ransom demands
    • Generic, “off the shelf” attacks
  • Victims in developed economies face higher demands
    • Across the U.S., Canada, the U.K., Germany, and Australia the average ransom is 26% higher than the global average — reaching $214,096
  • A Breakdown of Total Ransomware Costs
    • Data Loss
      • 61% lost data to corruption
      • 82% lost significant data
    • Insurance Premium Increases
      • In the first quarter of 2021, premiums increased month-to-month
        • January: 29%
        • February: 32%
        • March: 39%
      • For high-risk organizations, premium increases of up to 50-60% may become the norm
      • Deductibles raised to $1 million
      • More insurance clients are opting for cyber coverage — up from 26% in 2016 to 47% in 2020
    • Reinfection:
      • 80% Reinfection rates
      • 46% Of victims suspect it was the same attackers
  • Cyber Insurance Claims Are Being Denied

In the first half of 2020, 41% of cyber-insurance claims were related to ransomware attacks

  • As ransomware becomes more common, insurers have imposed limits or stopped covering ransomware altogether
    • In the U.S., 73% of insurers are declining more applications for cyber coverage
    • Insurers are
      • Reducing coverage for high-risk sectors
      • Auditing applicants’ security when they apply
      • Lowering total coverage limits
      • Capping ransom payouts
  • Regulatory changes will increase costs to businesses that fail to prevent an attack
    • In the EU, GDPR imposes fines on businesses that fail to protect consumer data
    • In the US,
      • California’s CCPA allows consumers to sue businesses after a breach — without having to prove the breach caused harm
      • In 2020, the US Treasury began prosecuting those who facilitate ransomware payments made to sanctioned individuals and jurisdictions
  • Worldwide, law enforcement agencies discourage ransomware payments — believing giving in to demands will encourage more attacks
    • So far, paying ransoms is not illegal

The true extent of ransomware is unknown — most likely, many victims pay the ransom demand and never report that a breach occurred

Ransomware Will Continue To Grow

  • In 2021, Avaddon ransomware group announced they were shutting down
    • Officially, the group had 88 known victims
    • Decryption keys were released for 2934 victims
    • If all the victims paid the average reported, the group made about $1.8 billion…but we don’t know the full extent
      • Just 3% of victims had reported the ransomware attack
      • Downstream issues beyond this include job losses and business loss
  • Multifaceted Attacks

Many organizations still think of ransomware as one-off attacks, like WannaCry in 2016 — today, ransomware is far more complex

  • Ransomware may be deployed along with
    • Network Penetration: Compromising your organization’s network with stolen credentials and/or malware
    • Credential Harvesting: Collecting login credentials for critical systems, such as Domain Name System (DNS)
    • Attacking Backups: Data storage can provide a roadmap to what information is most sensitive
    • Double Extortion: Threat of publicizing stolen data after a ransomware attack — often in response to companies saying they won’t pay
  • Attacks Happening at the Software Level
    • The latest zero-day attack on Kaseya compromised both the software and the software’s clients – up to 1500 businesses have been impacted by one attack
      • Zero-day: a computer-software vulnerability unknown to those who should be interested in its mitigation (including the vendor of the target software)

With the shift to work-from-home, securing your business from cyberattacks is more difficult than ever

Protecting Your Business From Ransomware

  • Ransomware Best Practices
    • Stay up-to-date: Patches and software updates are key to protecting yourself against ransomware
    • Employee awareness: Empower employees to assess whether an attachment, link, or email is trustworthy
    • Back up data: Keep critical data backed up on external devices to aid recovery should there be an attack
    • Malware detection: Early detection of suspicious activity is your first line of defense
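The two practices that can be checked mechanically, early detection of suspicious activity and keeping a usable backup, are illustrated below with an added example that is not part of the infographic or its sources. It scans a directory for indicators a defender commonly associates with ransomware (files renamed to a "locked" extension, dropped ransom-note style text files, and file bodies whose byte entropy is indistinguishable from random data) and then compares the live tree against a known-good backup by SHA-256 to list exactly what would need restoring. The thresholds, extension names and note-name patterns are assumptions chosen for the example, and the sample files are constructed inline.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Thresholds and name patterns are assumptions chosen for this example;
# they are illustrative, not figures from the infographic.
ENTROPY_THRESHOLD = 7.5                      # bits per byte; ciphertext sits near 8.0
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
RANSOM_NOTE_HINTS = ("decrypt", "how_to", "restore")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text is roughly 4-5, encrypted or
    compressed data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root: Path) -> dict:
    """Flag files that look like ransomware output: 'locked' extensions,
    ransom-note style names, and bodies that read as random bytes."""
    findings = {"suspect_ext": [], "ransom_notes": [], "high_entropy": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = path.name.lower()
        if path.suffix.lower() in SUSPECT_EXTENSIONS:
            findings["suspect_ext"].append(path.name)
        if name.endswith(".txt") and any(hint in name for hint in RANSOM_NOTE_HINTS):
            findings["ransom_notes"].append(path.name)
        data = path.read_bytes()
        # Tiny files give unreliable entropy estimates, so skip them.
        if len(data) >= 256 and shannon_entropy(data) >= ENTROPY_THRESHOLD:
            findings["high_entropy"].append(path.name)
    return findings


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def verify_backup(live: Path, backup: Path) -> list:
    """Compare every file in the known-good backup with its live counterpart.
    Returns relative paths that are missing or changed in the live tree,
    i.e. the restore list after an incident."""
    problems = []
    for bpath in sorted(p for p in backup.rglob("*") if p.is_file()):
        rel = bpath.relative_to(backup)
        lpath = live / rel
        if not lpath.is_file() or sha256_file(lpath) != sha256_file(bpath):
            problems.append(str(rel))
    return problems


def build_constructed_sample(base: Path) -> tuple:
    """Constructed sample data: a backup taken before the incident and a live
    share where one document was 'encrypted' and a note was dropped."""
    backup, live = base / "backup", base / "live"
    backup.mkdir()
    live.mkdir()
    (backup / "notes.txt").write_text("quarterly notes, nothing unusual here\n" * 20)
    (backup / "report.docx").write_bytes(b"ordinary document bytes " * 50)
    (live / "notes.txt").write_text("quarterly notes, nothing unusual here\n" * 20)
    # Stand-in for ciphertext: every byte value equally often is exactly 8.0 bits/byte.
    (live / "report.docx.locked").write_bytes(bytes(range(256)) * 16)
    (live / "HOW_TO_DECRYPT.txt").write_text("your files are encrypted\n")
    return live, backup


def demo() -> dict:
    """Run the scan and the backup check over the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_constructed_sample(Path(tmp))
        result = scan_directory(live)
        result["needs_restore"] = verify_backup(live, backup)
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The entropy check is the one that does not depend on the attacker's naming choices, which is why it is kept separate from the extension and note-name heuristics; on a real share it belongs in a scheduled job or a file-system watcher over a small canary set, with the backup comparison run from a copy the production host cannot write to.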

As ransomware attacks get more sophisticated, it’s not a matter of if but when.