$14 billion. That’s the estimated value of the ransomware industry—a community of threat actors and networks who target vulnerable businesses for monetary gain.
And although the ransomware industry has experienced a significant revenue drop since 2022, it remains a credible threat to any organization's revenue, stability and even long-term existence.
In this article, I’ll explain how ransomware works, the average ransom payment and other hidden costs that companies incur post-attack.
What Is Ransomware?
Ransomware is a portmanteau of two words that you may already know—ransom + malware. It is a type of malware that encrypts victims’ files or accounts to deny them access until a ransom is paid. Looking back at the most prominent ransomware incidents of the last decade, you’ll find that corporations (not individuals) are the most likely targets of ransomware attacks. The rationale behind this is that such organizations have plenty of money to spare, and a lot to lose if their digital assets, i.e., company files, customer data, financial records and accounts, are compromised. Let’s discuss how ransomware penetrates a network and what happens afterward.
How Ransomware Works
Ransomware penetrates devices and networks through phishing attacks, unsafe installations, compromised wireless networks or Remote Desktop Protocol (RDP). RDP allows hackers to access and compromise computers remotely and execute malicious code.
Typically, when ransomware infects a system, the victim may find a .txt/.html file—often called a ransom note—on their system, detailing how to supply the ransom and recover the encrypted files.
Attackers typically receive ransom in the form of digital currencies such as cryptocurrencies, gift cards and vouchers, to protect their anonymity. Because the aforementioned financial platforms are mostly independent of credit card or personal records, tracing and prosecuting the hackers behind the attack is quite difficult. Another downside of ransomware attacks is that paying the ransom is a gamble. There’s no guarantee that you’ll recover your files even after processing the payment.
Types Of Ransomware
According to , there are three standard categories of ransomware: locker ransomware, crypto-ransomware and scareware.
Locker ransomware
Locker ransomware, as the name implies, ‘locks’ the victim out of their system. It completely takes over their screen and prevents them from using even the most basic computer functions until the requested ransom is remitted. This type of ransomware can halt operations within an organization because access to computers and, by extension, files is completely restricted.
Crypto-ransomware
Crypto-ransomware encrypts valuable files stored locally on a computer or mobile device. It’s nearly impossible to find the decryption key for this malware unless the malware variant is old and its key is already available on the internet.
Scareware
This type of ransomware uses scare tactics to induce you into paying a ransom under the guise of paying for an antivirus solution. I’ll explain. Scareware is fake software that claims to have detected a virus on your computer and, when you click on the pop-up message, directs you to a page where you’ll make a payment in exchange for the virus being eliminated. Some scareware functions as lockerware, completely disabling your standard computer functions. Others never do any damage to your files but instead flood your screen with pop-up alerts that may be difficult to get rid of.
Breakdown of Costs Incurred Due to a Ransomware Attack on an Organization
In 2023 and the years prior, the true cost of ransomware attacks has been far more than meeting the hackers’ financial demands. When a company’s digital assets are held hostage by a threat actor, it triggers an expensive chain of events that may eventually lead to a company’s demise. Here is the breakdown of the factors that make ransomware attacks even more costly than the ransom itself.
- The Ransom Payment: To decrypt a victim’s files or devices, cybercriminals demand sums ranging from tens of thousands of dollars to a few million. The ransom size may be directly influenced by your company’s size and worth as known to the public. A recent Cost of a Data Breach report revealed that the average ransom payment is about $812,360. Considering all other factors such as downtime, assets lost and crisis management, the ransom payment may form the smallest fraction of the overall cost incurred from a ransomware attack.
- Downtime and Recovery: According to top managed service providers, downtime and recovery post-attack may cost nearly 50 times more than the ransom itself. What then makes up this added cost? IBM’s report attributes it to lost business (due to crippled operations), notification (of customers and shareholders), escalation and post-breach response. In February, Dole Food Company, a leading supplier of fresh fruit and vegetables in North America, announced that it had been subject to a ransomware attack and, consequently, would halt operations within the region. During a quarterly conference call, the CEO Rory Byrne allegedly announced that the food giant incurred costs north of $5 million from the attack. That’s a classic example of how malware attacks cripple businesses and cause them to lose funds in a bid to recover and bolster their security infrastructure.
- Loss of Digital Assets: Studies have shown that although over half of ransomware victims pay the ransom, only 4% ever retrieve all their data intact. The rest either regain a fraction of it or nothing at all. Data stolen in these attacks is usually resold on the dark web as an entry point for a new series of cybercrimes. Note that a company’s digital assets, including manuscripts, photos, financial records, SaaS accounts, etc., directly contribute to organizational productivity. And considering the fortune spent in creating, acquiring and organizing those assets, restarting the entire cycle can further stretch an already thin budget.
- Loss of Credibility: When a ransomware attack hits, the company is required to alert stakeholders of the incident and the extent of the damage done. Admitting to being attacked by ransomware may inspire two reactions: appreciation from customers for the swift notification and distrust from investors. If a publicly traded company admits to losing control of their network to hackers, the company’s reputation and consequently, may plummet. If customers can’t trust you to keep their data safe, why should they remain in business with you? Although the dent in your company's reputation is reversible over time, most don’t recover. In fact, shut down within six months following a cyber attack. Companies like Code Spaces, Travelex and the Heritage Company are just a few examples of companies that went out of business following cyberattacks.
- Legal Costs: Ransomware attacks can result in exposure of customer data and failure to honor terms of service. Such occurrences give aggrieved parties legal grounds to sue the hacked company for contractual and compliance violations. As such, additional expenses are incurred to hire legal counsel, pay required fines and fund out-of-court settlements. Moreover, prohibits ransom payments to any sanctioned individual or jurisdiction including North Korea, Iran, Syria, Cuba and the Crimean Peninsula. Based on its strict liability principle, the OFAC will also penalize ransom-payers even if they were unaware of the hackers’ sanctioned status.
To Pay The Ransom Or Not?
Almost every well-meaning body, from law enforcement agencies to frowns on paying cybercriminals. The reason is quite simple. Ransom payment encourages cybercriminals to target more victims. From a business perspective, however, pragmatism is key. First, identify what kind of malware you’re dealing with. Cybercriminals may deploy scareware—which doesn’t encrypt any data at all—to trick victims into paying or downloading dangerous software. Then, conduct a cost-benefit analysis. Consider the pros and cons of paying the ransom—i.e., the costs (financial and otherwise) of decrypting the files independently vs paying the hackers. Compliance violations, legal expenses and remediation costs should be top of mind when deciding to pay the ransom. Note that once you’ve paid the initial ransom, data recovery is not guaranteed and you can be targeted again. However, some cybercriminals prefer to cut ‘clean deals’ because their reputation is crucial to the ransomware business model. Security technologist Gary Sockrider estimates that of the time, hackers decrypt the systems post-ransom.
Preventive Measures Against Ransomware Attacks
I’ll kick this off by mentioning that it’s impossible to be 100% safe from malware attacks. As your security architecture gets tighter, hackers gain even more sophisticated skills to bypass the framework. However, implementing some preventive measures can reduce your chances of suffering ransomware attacks. Below are some low-cost measures to prevent cyberattacks.
- Backup all files: Backing up files onto a cloud environment is great, but cloud storage can also be affected by ransomware due to the file synchronization process that occurs between your local and cloud storage. Having a backup on a separate flash drive enables you to continue business operations on entirely different networks, with little downtime, whether you decide to pay the ransom or not.
- Always keep systems updated: Older versions of software are often vulnerable to data breaches, because they most likely contain security loopholes that hackers may capitalize on. Vendors address such loopholes by offering regular updates, which may include security patches that fix the flaws in older versions. True, automatic updates can be pesky and happen in the middle of work, but they work best because there’s no room for forgetfulness, unlike manual updates, where IT teams or personnel may completely forget to update the software. It also helps that automatic updates sometimes let you pick a time for the updates to happen.
- Install Antivirus Software: Free antivirus software isn’t a good option, unless it’s for personal devices. You need one that can meet your personal or organization’s security needs effectively. When picking out antivirus software, look out for features like cost, OS compatibility, automatic updates, technical support, user-friendliness, real-time scanning and protection, and most importantly anti-ransomware capabilities. Some popular software plans that offer anti-ransomware functions include Bitdefender Antivirus Plus, Kaspersky Total Security Premium, and Norton 360 Antivirus.
- Safe Surfing: Adopting safe browsing practices can reduce the likelihood of malware penetration. When surfing the web, verify the website’s security level before installing files or sharing any details with it. Usually, your computer will alert you if you’re visiting an unsafe website. However, one sign you should look out for is a padlock icon right next to the site link. The padlock icon symbolizes the presence of the HTTPS protocol, which ensures secure communication over a network and across the internet.
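The backup measure above warns that file synchronization can carry encrypted files into your backup copy. The following added example (not from the original article) sketches a pre-sync check that holds the sync when many files have changed from ordinary content into ciphertext-like data; the thresholds, function names and sample snapshots are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5      # bits per byte; assumed cut-off, ciphertext sits near 8.0
MAX_SUSPECT_FRACTION = 0.25  # assumed policy: hold the sync above this share of files

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def suspect_files(previous: dict, current: dict) -> list:
    """Paths whose content changed from low entropy to ciphertext-like entropy."""
    suspects = []
    for path, old in previous.items():
        new = current.get(path)
        if new is None or new == old:
            continue  # deleted or unchanged files are not judged here
        if shannon_entropy(old) < ENTROPY_THRESHOLD <= shannon_entropy(new):
            suspects.append(path)
    return sorted(suspects)

def sync_allowed(previous: dict, current: dict) -> bool:
    """False when too many files turned into ciphertext since the last good snapshot."""
    if not previous:
        return True
    return len(suspect_files(previous, current)) / len(previous) <= MAX_SUSPECT_FRACTION

def fake_ciphertext(seed: bytes, blocks: int = 64) -> bytes:
    """Constructed stand-in for encrypted data: deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample snapshots (path -> content), not real data.
LAST_GOOD = {
    "ledger.csv": b"date,amount\n2023-01-05,120.00\n" * 40,
    "notes.txt": b"Quarterly planning notes for the finance team.\n" * 30,
    "contract.html": b"<html><body><p>Terms of service</p></body></html>\n" * 30,
    "archive.zip": fake_ciphertext(b"zip"),  # compressed data is high entropy already
}
EDITED = dict(LAST_GOOD, **{"notes.txt": LAST_GOOD["notes.txt"] + b"One more line.\n"})
ENCRYPTED = {path: fake_ciphertext(path.encode()) for path in LAST_GOOD}

if __name__ == "__main__":
    for name, snap in (("edited", EDITED), ("encrypted", ENCRYPTED)):
        print(name, suspect_files(LAST_GOOD, snap), sync_allowed(LAST_GOOD, snap))
```

Files that were already compressed or encrypted before the change are not flagged, so a check like this complements an offline backup and does not replace it.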
In summary…
The implications of ransomware attacks extend far beyond the ransom payment. When data breaches occur, sensitive records can be exposed or compromised. This in turn results in legal battles, marred reputation and lost wages. However, the situation can be salvaged if there's a solid incident response team on call. While they strive to neutralize the threat, security analysts can explore other options like nomoreransom.org. The No More Ransom Project offers a repository of decryption keys and tools for various ransomware variants. It’s an affordable way to recover encrypted data without paying the hackers.