Heads up to all users of computers and related devices: ransomware continues to be a problem. Recently, there have been reports of cybercriminals targeting US critical infrastructure with aggressive ransomware attacks. There was also an attempt by the AlphV ransomware group to take down FBI resources.
Despite the advancement of cybersecurity solutions, the ransomware problem appears barely dented. It is becoming more aggressive, and the sophistication of the attacks is only getting worse for the victims. The average cost of ransom payment has increased year after year, although there was a point when the volume of attacks slowed down. Some may think that this is only a problem for large organizations that have the money to pay for the ransom, but the reality is that everyone can be a victim.
Indiscriminate attacks
What’s the difference between kidnapping for ransom and a ransomware attack? The former targets specific victims who are usually profiled to have the ability to pay the ransom, while the latter is indiscriminate. Ransomware attacks are opportunistic and will infect whoever is unfortunate enough to allow malicious software into their systems.
While most of the victims of ransomware that are getting prominent media coverage are big businesses, more of the victims are actually smaller organizations. The US Chamber of Commerce estimates that around 70 percent of ransomware victims are small businesses. This can be because they are perceived to have less effective security systems, but in most cases, this is a matter of opportunity. Attackers attack because they find opportunities to make their attack work. Plus, there are way more small businesses compared to larger ones. Getting bigger ransoms from more financially viable victims may be a more logical option for attackers, but they are not ignoring smaller, low-hanging fruits. After all, they can easily replicate attacks against similar entities that appear to have less formidable defenses.
A report by CSO Online indicates the greater likelihood of insured companies becoming ransomware victims. The report says that 77 percent of organizations that obtained cyber insurance suffered a cyber attack at least once over the past year compared to only 65 percent for organizations that did not purchase any cyber insurance. However, this difference needs to be revised and can be attributed to unreputable insurance providers whose data may have been compromised. Besides, the report indicates no correlation between having cyber insurance and the higher likelihood of getting targeted by ransomware attacks.
All in all, ransomware attacks are still indiscriminate. They rely on tactics that infect whatever can be infected. There are only a few instances wherein the attacks are specifically aimed at particular groups of targets. Hence, regardless of size and type, every business should be wary of the ransomware problem and implement reliable defenses.
The costs
Ransomware attacks can inflict significant costs on victims. In 2023, the ransomware paid by businesses breached the $1 billion level, and industry observers are saying that 2024 will be worse. The average cost of each ransomware attack in 2023 was around $5 million. This is the higher end of the ransom payment estimates that are probably focused on high-profile attacks. Some sources point to a lower average ransom payment of around $1.5 million. Smaller businesses are certainly asked for smaller amounts for the ransom. Still, the costs of ransomware attacks are too high to be tolerable.
Aside from the ransom payment, getting infected by ransomware also comes with a host of other costs. First, the remediation cost can reach thousands to millions of dollars. Some studies project remediation and recovery costs to be up to 10 times the cost of the ransom paid. Sometimes, the lost data is so significant that an organization is forced to fold, reinvent itself, or scale down.
Another crucial ransomware cost is the disruption of business operations. This is arguably the biggest reason why organizations are forced to pay the ransom. They decide that it is better to shell out some amount for the ransom than to suspend operations until the criminally encrypted data is recovered. This is particularly true among bigger businesses with interdependent operations. Smaller companies may be able to afford the temporary business shutdown, but they are still bound to suffer substantial financial losses.
Additionally, ransomware attacks result in reputational damage. This damage is difficult to quantify, but it certainly exists and seriously impacts an organization’s ability to do business, especially in terms of attracting and retaining customers. It can quickly demolish the reputation businesses establish gradually over years or even decades.
Moreover, ransomware attacks can have legal and regulatory consequences. Attacks, especially those that attract media attention, can expose an organization’s security lapses. Businesses can face lawsuits over data mishandling and failures to comply with applicable regulations and laws. Regulatory bodies can impose fines or sanctions that can have punishing short-term and long-term effects on an organization.
A problem that should be taken seriously
Combating the ransomware threat involves more than one step or solution. It entails a combination of cybersecurity awareness education, continuous data backups, deployment of anti-malware solutions, regular software updates or security patching, and the implementation of strict security mechanisms such as user authentication. These solutions are admittedly easier said than done, though.
There’s no scarcity of solutions to the ransomware problem. Government agencies and nongovernmental institutions have collaborated to develop institutional measures to fight the problem. Anti-malware detection and prevention technologies continue to advance. However, the ransomware problem continues to grow. This reality should be a warning for organizations of all types and sizes.
Fighting the ransomware problem is more challenging than purchasing and deploying an anti-ransomware system. Larger organizations with much higher IT budgets continue to need help with the situation. It is important to address the threat holistically, starting with the implementation of defensive mechanisms and continuing to provide proper security awareness or training to everyone in the organization. This includes enforcing security best practices and complying with regulatory requirements.
The pervasive threat of ransomware underscores the need to seriously tackle the problem, not just by having robust cybersecurity but by taking on the problem holistically, with everyone in the organization working together to maximize the impact of security solutions, security policies, and compliance with regulations.
