Cybercrimes are constantly rising and getting more sophisticated every day. It will soon be easier to ask who has not been victimized than who has. In its 2022 threat landscape report, the European Union Agency for Cybersecurity (ENISA) ranked ransomware and threat attacks as the top cyberthreats. Although some recent reports reveal that ransomware attacks declined in 2022, this threat still remains a major concern among cybercrimes.
In 2021, Cybersecurity Ventures predicted that businesses would fall victim to a ransomware attack every 11 seconds. This frequency is now predicted to rise over the next five years — reaching the rate of an attack every two seconds by 2031. Furthermore, the economic impact of ransomware attacks is increasing exponentially and is expected to exceed $265 billion within a decade.
Since cyberattacks now seem inevitable, it is important to understand and measure the overall impact that tomorrow’s ransomware could have on your business. There are several factors that need to be considered, so let’s explore those impacts in greater detail.
The shutdown cost
According to a survey conducted by Sophos in 2021, remediation costs, which include business downtime, lost orders, operational costs and more, increased from an average of $761,106 in 2020 to $1.85 million in 2021. Obviously, this amount depends on the company targeted and can vary widely. In 2017, FedEx experienced an estimated loss of $300 million due to the Petya cyberattack.
However, the shutdown impact of a ransomware attack is not always financial — it can put people’s lives at risk. In December 2022, the André Mignot hospital in the suburbs of Paris was forced to shut down its phone and computer systems during a ransomware attack.
The ransom cost
The cost of the average ransom payment is constantly rising. A survey conducted by Sophos estimates that the average ransom payment reached $812,360 in 2022, nearly quintupling over 2020. However, this amount varies a great deal, depending on the company targeted, its industry and — most importantly — its ability to pay.
In 2021, the manufacturing and production industry had the highest average ransom payments of $2.04 million. The French electronics manufacturing services company, Asteelflash, suffered from REvil ransomware in 2021 and was asked to pay $24 million in ransom. However, it’s important to note that payment does not mean complete data restitution.
According to a study conducted by Cloudwards in 2021, 32% of businesses and organizations that were hit by ransomware attacks did pay the ransom, but recovered only 65% of their data.
While ransom payments and shutdown costs can appear to be the main economic impacts of a ransomware attack, it can also do long-term damage to a company’s brand value and reputation. A Cybereason study shows that 53% of organizations that experience a cyberattack. Password manager companies like LastPass are currently facing this risk. However, the level of impact of a ransomware attack depends on the company’s activity and will often be linked to the loss of customers’ personal data.
According to a data breach survey conducted by Field Effect, almost 40% of respondents ranked reputation damage as their top concern, followed by cost, system damage and downtime; a serious menace given that 77% of ransomware attacks in 2021 included a threat of data leaks.
Recovery from a ransomware attack
In 2021, 61% of businesses hit by ransomware suffered 21 days of downtime on average. There are a few steps that organizations can take to recover from a ransomware attack. First, isolate the infected systems to prevent the ransomware from spreading to other systems. Next, try to identify the ransomware variant, which will help in finding a solution. Then, restore data from the backup if possible, which is the simplest and quickest way to recover from a ransomware attack. If backup recovery is not an option, decryption tools can be an alternative — since some ransomware variants have free decryption tools available. It is also important to contact law enforcement as soon as possible, because they might be able to assist in recovering files.
Legal pursuit: The second battle
The potential cost of legal actions must also be considered. Lawsuits are becoming common as cyberattacks increase and public awareness around personal data protection is on the rise. The legal cost will depend on several factors, including breach size, type of data stolen, location, industry and collateral damage.
In 2021, T-Mobile suffered a massive data breach that compromised the data of over 75 million consumers, prompting a $350 million settlement. If approved, this settlement would become the second largest data breach payout in US history. In the same year, Scripps Health suffered a ransomware attack that affected 1.2 million patients, and a $3.5 million settlement was proposed to resolve the class action.
Cyber insurance: A preventive measure or a lure for ransomware?
In the end, the overall cost that a business may have to bear as a result of a ransomware attack could become a real threat to its existence. Cyber insurance has emerged to provide financial protection and operational support to organizations in the event of a cyberattack.
However, recent articles have accused cyber insurance of being an incentive for cyber extortion. Some experts argue that the availability of cyber insurance may discourage organizations from investing in robust security measures, resulting in more vulnerable systems that are more likely to be targeted by attackers. Additionally, some attackers may specifically target organizations with cyber insurance because they know that these organizations are more likely to pay a ransom to recover their data – and the insurer only reimburses the ransom cost under certain conditions.
Currently, most cyber insurance does not cover ransom payments, but might offer coverage for business interruption, data recovery, forensic IT, crisis management and public relations.
Best practices to keep your business safe
There are several proactive safety measures you can take, such as updating all software on a regular basis. This is critical to address known vulnerabilities, especially knowing that hackers can exploit a zero-day vulnerability as quickly as 15 minutes after its public disclosure. Antivirus software should be installed and kept up to date to detect and eliminate malware. It is important to back up important data frequently, either on an external hard drive or a cloud-based service. To limit the spread of malware within your network, it is also recommended to use network segmentation, which separates sensitive data from less critical systems. Another best practice is using a solution to monitor network activity and identify any signs of a ransomware attack.
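The monitoring practice mentioned above, as an added example that is not part of the original article: a small Python detector that scans file-server event lines for two common ransomware signals, a burst of extension-changing renames by a single account within a short window, and the creation of a file whose name looks like a ransom note. The log line format, the field names, the sample accounts, hosts and paths, and the thresholds are all assumptions made for this example; the sample log is constructed.

```python
"""Toy ransomware-activity detector over constructed file-server event logs.

Added example (not code from the article). Assumed log format, one event per line:
    <ISO timestamp> <host> <user> <ACTION> <path>[ -> <new path>]
"""
import os
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one ordinary user session, one benign rename, then a
# burst of renames to a new extension plus a note-like file from a single account.
SAMPLE_LOG = """\
2023-03-01T09:00:01 FS01 bob MODIFY /shares/finance/q1.xlsx
2023-03-01T09:00:40 FS01 bob MODIFY /shares/finance/notes.docx
2023-03-01T09:12:00 FS01 carol RENAME /shares/hr/draft.docx -> /shares/hr/final.docx
2023-03-01T09:30:01 FS01 alice RENAME /shares/finance/q1.xlsx -> /shares/finance/q1.xlsx.locked
2023-03-01T09:30:01 FS01 alice RENAME /shares/finance/q2.xlsx -> /shares/finance/q2.xlsx.locked
2023-03-01T09:30:02 FS01 alice RENAME /shares/finance/budget.pdf -> /shares/finance/budget.pdf.locked
2023-03-01T09:30:02 FS01 alice RENAME /shares/finance/plan.pptx -> /shares/finance/plan.pptx.locked
2023-03-01T09:30:03 FS01 alice RENAME /shares/finance/memo.txt -> /shares/finance/memo.txt.locked
2023-03-01T09:30:03 FS01 alice CREATE /shares/finance/HOW_TO_RECOVER_FILES.txt
2023-03-01T09:31:00 FS01 alice RENAME /shares/hr/salaries.xlsx -> /shares/hr/salaries.xlsx.locked
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)(?: -> (\S+))?$")
# Generic words that ransom-note file names tend to carry (assumed heuristic, not a signature).
RANSOM_NOTE_RE = re.compile(r"(how[_ -]?to|readme|recover|decrypt|restore)", re.IGNORECASE)


def parse_events(text):
    """Turn log lines into event dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, user, action, path, new_path = m.groups()
        events.append({"time": datetime.fromisoformat(ts), "host": host, "user": user,
                       "action": action, "path": path, "new_path": new_path})
    return events


def changes_extension(old_path, new_path):
    """True when a rename alters the file extension (e.g. .xlsx -> .locked)."""
    return os.path.splitext(old_path)[1].lower() != os.path.splitext(new_path)[1].lower()


def detect(events, window_seconds=60, rename_threshold=5):
    """Return alerts for mass extension-changing renames and ransom-note-like file creation."""
    alerts = []
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # user -> deque of (time, new extension) inside the window
    for ev in events:
        user = ev["user"]
        if ev["action"] == "RENAME" and ev["new_path"] and changes_extension(ev["path"], ev["new_path"]):
            q = recent[user]
            q.append((ev["time"], os.path.splitext(ev["new_path"])[1].lower()))
            while q and ev["time"] - q[0][0] > window:   # drop events older than the window
                q.popleft()
            if len(q) >= rename_threshold:
                alerts.append({"kind": "mass_rename", "user": user, "host": ev["host"],
                               "time": ev["time"], "count": len(q),
                               "new_extensions": sorted({ext for _, ext in q})})
                q.clear()  # one alert per burst; a new burst must fill the window again
        elif ev["action"] == "CREATE" and RANSOM_NOTE_RE.search(os.path.basename(ev["path"])):
            alerts.append({"kind": "ransom_note", "user": user, "host": ev["host"],
                           "time": ev["time"], "path": ev["path"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

Both heuristics are deliberately coarse: a legitimate bulk conversion job or a developer creating a README.txt will trigger them, so in practice the window, the rename threshold and the note-name pattern are tuned per environment and the alert is a prompt to isolate and investigate the host, which is the first recovery step the article describes. The sliding window plus clear-on-alert keeps a long-running burst from generating one alert per event.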
Because human error poses a serious threat to security, it is essential to train employees to recognize and prevent ransomware attacks, and to strictly adhere to guidelines for managing confidential information. By doing so, companies can reduce the threat of malicious attacks and keep their data secure. Finally, organizations must train and prepare their security teams by running regular tabletop exercises and major cyber crisis simulations.
The old adage that “lightning never strikes the same place twice” does not hold true for ransomware attacks. In fact, companies that have paid a ransom in the past are more likely to become targets again. According to a recent study, 80% of companies that paid a ransom were hit a second time, and 40% of those ended up paying a higher amount the second time.
On one hand, it seems likely that attackers view these companies as easier targets because they had previously demonstrated a willingness to pay. On the other hand, it is possible that attackers may also have obtained sensitive information about the company during the initial attack that they could use to launch a more sophisticated attack in the future.
In conclusion, my best piece of advice is: be prepared, don’t pay and have a plan to counter ransomware.
About the author
Market Intelligence Specialist
Prescillia Lelgouarch leads the Market Intelligence activities for the Big Data & Security (BDS) division. She provides market and competitive intelligence to support the division’s orientations and strategic decisions. After joining Atos in 2018 as an apprentice, she held a permanent position of Market Intelligence specialist within BDS, where she built, structured and developed this activity. In addition, Prescillia holds a Master’s degree in International Relations, Security & Defense and a consultant title from the European School of Economic Intelligence.