Locks and Security News: your weekly locks and security industry newsletter
25th January 2023 Issue no. 640
Your industry news - first
How much could a ransomware attack really cost? Don’t wait to find out
Recent research by cyber security firm Cybereason has revealed that a third of ransomware victims were forced to close temporarily or permanently as a result of an attack.
According to ransomware protection specialist ProLion, the true cost of ransomware is impossible to calculate before an attack. The research found that 80 percent of ransomware victims that paid their ransom suffered repeat attacks. Many were attacked less than a month later – some by the same attackers and some for an even higher ransom amount.
Even after having paid off attackers, there’s no guarantee that a company or organisation will recover all of its data and be able to resume operations. The research revealed that of the organisations who opted to pay attackers, 54 percent reported that some or all of their data that had been encrypted during the attack was corrupted during the recovery process.
Steve Arlin, VP Sales, UK, Americas & APAC at ProLion, said, “This research underlines two important lessons – 1) paying ransomware attackers is a bad idea; and 2) the true cost of a ransomware attack is almost impossible to calculate.
“Instead, organisations should focus on detection and prevention strategies that stop ransomware attacks as early as possible before their critical systems and data are put at risk.
“The effects of ransomware are varied and often unpredictable, and are very difficult to quantify in a cost equation. Once an organisation has been breached by ransomware, it’s immediately vulnerable to the loss of mission-critical systems with crippling consequences. The extra threat of data loss or leakage piles on the pressure in terms of reputational damage and the potential regulator fines relating to GDPR.
“As a result, there are essentially three layers of potential cost following a ransomware attack: the original ransom demand; the cost of remediation following the attack; and the cost of revenue loss from the combination of downtime plus the inevitable negative publicity that will ensue.
“Even with the ransomware removed and the system restored from backups, the problem may not go away. The attacker might still have backdoor access to the network and be able to just as easily re-deploy the same ransomware. We’re also seeing new tactics from cybercriminals, including instances in which ransomware gangs have remained within a system and charged their victim a retainer fee to not inflict further damage and to also fend off other potential attackers.
“Cyber security decision makers have been continuously presented with research that emphasises the importance of preventative measures,” continued Arlin. “If you still think it’s right to pay, you don’t know how much a ransomware group will demand, you don’t know how long it will then take to get back up and running, and you don’t know what other hidden or unexpected costs you might face along the way.
“You also can’t calculate the impact the attack will have on your relationships with customers. In contrast, the cost of preventative measures can be budgeted for and controlled. It’s an investment that helps put your customers’ minds at ease.
“If you find yourself in a dialogue with cybercriminals, negotiating for the safe return of your network and data and weighing up the decision to pay or not, then ultimately you’ve already failed your staff and your customers,” he added.
“The advice is clear: there's no way to completely protect your organisation against a ransomware attack, and therefore businesses should adopt a 'defence-in-depth' approach. This means using layers of defence with several mitigations at each layer. You'll have more opportunities to detect an incoming attack, and then stop it before it causes real harm,” Arlin concluded.
ProLion GmbH is a developer of ransomware protection and data integrity software solutions for any ONTAP centralised file services environment and high-availability solutions for SAP and MetroCluster environments.
Founded in Austria, ProLion’s best-of-breed CryptoSpike solution eliminates system downtime and data loss risk, and ensures that an organisation’s data remains secure, compliant, manageable and accessible.
20th July 2022