When considering the costs of a ransomware attack, we tend to assume that the greatest expense is the ransom itself. That isn't necessarily the case. There are a number of hidden costs relating to forensic investigation, restoring from backups, downtime, reputational damage, lawsuits and fines. It should also be noted that paying the ransom is generally a bad idea. There is no guarantee that you will actually get your files back, and attackers who learn that you are willing to pay may simply demand more. For as long as victims keep paying, the attacks will keep coming, and will likely evolve in the process. In some circumstances, though, paying may be the only option left.
Should you choose not to pay, you will need to restore your files from backup, which can be very time consuming. You will also need to test the restored systems to ensure they are free of infection, since a backup taken after the initial compromise may contain the malware. Those without an in-house response team will need to hire a third party to do the job. You may also need to wipe the infected drives, reinstall the operating system and applications, or even upgrade or replace certain hardware. All of this takes time and money.
As mentioned, even if you do decide to pay, there is no guarantee that the attacker will hand over the decryption key. Even if they do, decrypting large amounts of data takes time, and attacker-supplied decryptors are not always reliable. Victims would also need to set up a cryptocurrency wallet and acquire enough Bitcoin to pay. In a widespread attack, a sudden rise in demand for Bitcoin could push up its price, making the ransom more expensive still.
Then there are the costs of downtime. When your files are encrypted, business operations may grind to a halt, depending on how reliant you are on your IT infrastructure. During this time you may lose business opportunities, and IT staff will have to drop whatever they were doing to work on recovery. Beyond your own downtime there are "downstream" costs: if your company is down, that has a knock-on effect on the suppliers, retailers and third-party contractors you work with.
A ransomware attack can do significant damage to your company's reputation. Customers may lose trust in your ability to protect their sensitive data, and the company's share price may drop sharply. It can take months, or even years, to regain that trust.
Finally, companies may need to spend large sums on lawsuits and fines. Under the GDPR, which came into effect on 25 May 2018, the maximum penalty is 4 percent of annual global turnover or €20 million, whichever is greater. Given the size of these fines, the GDPR may actually tempt companies to pay the ransom if doing so looks cheaper than the consequences of a disclosed breach. Note, however, that paying does not remove the obligation to notify: encryption of personal data is a loss of availability and therefore counts as a personal data breach under the GDPR.
As you can see, ransomware attacks can be very costly. To make matters worse, there is no silver bullet for protecting against them, since most start with human error, such as a user opening a malicious attachment or link. There are, however, ways to limit the damage once an attack is under way. One of the less often cited is "threshold alerting". A number of auditing solutions can now respond automatically to events that match a predefined threshold condition. For example, if more than X files are modified or renamed (the observable sign that they are being encrypted) within a given period, a custom script can be run to kill the offending process, disable the user account, change firewall rules, or shut the server down entirely. There are many more ways such solutions can mitigate the risk of ransomware; find out more here.
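The following is an added example of the threshold alerting described above, written for this page rather than taken from the original article or from any auditing product. It assumes file-activity events arrive in time order as (epoch seconds, user, path, action) tuples, keeps a sliding window per user, and fires a response the first time more than a set number of events from one user fall inside the window. The response actions are placeholder strings; in a real deployment they would be calls into the EDR, directory and firewall APIs. The sample events are constructed for the demo, not real logs.

```python
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List, Tuple

# One file-activity event: (epoch seconds, user, path, action).
# This shape is an assumption for the example; real auditing tools emit their own format.
Event = Tuple[float, str, str, str]


class ThresholdAlerter:
    """Sliding-window threshold alerting on per-user file activity.

    Trips once per user when more than `max_events` events from that user
    fall inside any `window_seconds`-long window, then calls `respond`.
    """

    def __init__(self, max_events: int, window_seconds: float,
                 respond: Callable[[str, List[Event]], None]) -> None:
        self.max_events = max_events
        self.window_seconds = window_seconds
        self.respond = respond
        self._windows: Dict[str, Deque[Event]] = defaultdict(deque)
        self._tripped: set = set()

    def observe(self, event: Event) -> bool:
        """Feed one event (in time order). Returns True if this user has tripped."""
        ts, user, _path, _action = event
        if user in self._tripped:
            return True  # respond only once per user; do not hammer the response hooks
        window = self._windows[user]
        window.append(event)
        # Evict events that have aged out of the sliding window.
        while window and ts - window[0][0] > self.window_seconds:
            window.popleft()
        if len(window) > self.max_events:
            self._tripped.add(user)
            self.respond(user, list(window))
            return True
        return False


def build_sample_events() -> List[Event]:
    """Constructed sample telemetry for the demo (not real logs)."""
    events: List[Event] = []
    # alice: ordinary editing, one save every two minutes.
    for i in range(5):
        events.append((1000.0 + i * 120.0, "alice", f"/home/alice/report{i}.docx", "write"))
    # bob: ransomware-like burst, 60 files renamed to .locked in under eight seconds.
    for i in range(60):
        events.append((1000.0 + i * 0.13, "bob", f"/srv/share/doc{i}.xlsx.locked", "rename"))
    events.sort(key=lambda e: e[0])
    return events


def run_detection(events: List[Event], max_events: int = 20,
                  window_seconds: float = 30.0) -> List[dict]:
    """Run the alerter over events and return one record per response fired."""
    fired: List[dict] = []

    def respond(user: str, burst: List[Event]) -> None:
        # Hypothetical response actions (placeholders). A real deployment would
        # call the EDR, directory and firewall APIs here instead of recording strings.
        fired.append({
            "user": user,
            "events_in_window": len(burst),
            "window_start": burst[0][0],
            "window_end": burst[-1][0],
            "actions": ["kill_process_tree", f"disable_account:{user}", "block_smb_egress"],
        })

    alerter = ThresholdAlerter(max_events, window_seconds, respond)
    for ev in events:
        alerter.observe(ev)
    return fired


if __name__ == "__main__":
    for record in run_detection(build_sample_events()):
        print(record)
```

Two points matter when putting something like this into production. First, the counter sees writes and renames, not "encryption", so the threshold has to be tuned against legitimate bulk activity (backup agents, build servers, file migrations) or it will lock out the wrong accounts; keying the window per user or per host rather than globally keeps a busy but benign service from masking a real burst. Second, the response fires once per user: disabling an account or killing a process tree is disruptive, and firing it on every subsequent event would only add noise to the incident.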