It’s now been years of ransomware headlines and scandals, and cybercriminals are still at large as businesses around the world continue to fall prey to new attacks. A fully-fledged ransomware infection can cripple an organization by locking away mission-critical files and systems, and many firms will quickly cave in to the felons’ demands and pay exorbitant fees in the hope of quickly restoring operations. The total cost of infection can quickly reach hundreds of thousands of dollars due to lost revenue from downtime and the time and resources needed to contain the outbreak and restore backups. When all is said and done, the true cost of ransomware can deal a forceful blow to unprepared businesses and permanently damage their reputation.
The heavy cost of infection
Ransomware attacks cost businesses anywhere from a couple of thousand dollars to millions, and it’s predicted the cost will exceed $11.5 billion in 2019. With attacks on the rise, having the right response strategy in place can make a significant difference to the costs incurred. It has been widely proven that a proactive approach will only cost a fraction of what damage repair will require. Meanwhile, experts agree that deciding to pay a ransom is a risky move, as there are many incidents where attackers have not decrypted the files even after taking the money. Unfortunately, several studies worldwide have found that more than half of businesses in the US and UK didn’t receive their decrypted files as they expected despite paying the ransom demand. In addition to there being no honor among thieves, many of these cases are due to the use of shoddily coded ransomware that lacks the ability to unlock encrypted files. We recently saw this with the Thanatos ransomware, which failed to save the keys created for each encryption, making it impossible for criminals to undo their damage even if they wanted to. Paying a ransom also helps to encourage future attacks by perpetuating ransomware as a reliable money-maker for criminals.
Even when businesses will not (or cannot) pay the ransom demands, a ransomware infection can still amount to extremely high costs very quickly. Research conducted by several leading IT companies in the US found that the amount of time spent decrypting ransomware attacks stood at an average of between 40 and 50 man-hours. On a global scale, the average yearly cost to individual businesses stands at over $750,000. Meanwhile, lost business due to interrupted or halted operations is a major cause of the high cost of ransomware, along with the additional time and resources needed to undo the damage and restore systems. The City of Atlanta, which was hit with the SamSam ransomware in March, was presented with a ransom of roughly $50,000 in bitcoin but ended up spending more than $2.6 million on emergency efforts such as incident response and digital forensics.
Prevention is better than cure
With a major ransomware infection still coming with a heavy cost even for stalwarts who refuse to pay, organizations must invest in their ability to defend against attacks. SentinelOne’s study found that one in two businesses blamed employees for causing the outbreak, supported by the fact that phishing emails were used to trick staff into initiating the compromise in 69 percent of instances. As we outlined in our previous post (“Is IT Part of your Company Culture?”), better awareness among employees is a good response to the threat of deceptive emails delivering ransomware. Alongside this, firms must also ensure that they can detect and shut down ransomware infections before they can spread and harm their operations (here are 5 ways you and your company can protect yourselves against cybercriminals).
With almost all ransomware outbreaks starting with a single compromised endpoint, the defense should begin the moment the malicious file is saved to the file system on the endpoint device. By constantly searching the binary for the unique characteristics that indicate ransomware, it is possible to detect the malicious activity before it can truly begin. One key indicator is high binary entropy, which is a sign of the obfuscation and packing common in ransomware. Immediate, effective action is possible with our Data Backup Solutions.
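The entropy indicator described above can be measured directly. The following is an added example, not code from this article or from any vendor product: it computes Shannon entropy over fixed-size windows of a file and reports what fraction of the file looks packed. The threshold, window size, function names and both sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY_BITS = 7.2   # assumed threshold in bits per byte; tune on your own files
WINDOW = 4096             # assumed window size in bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant data) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def window_entropies(blob: bytes, window: int = WINDOW):
    """Yield (offset, entropy) for each non-overlapping window of the file."""
    for off in range(0, len(blob), window):
        yield off, shannon_entropy(blob[off:off + window])


def packed_fraction(blob, window=WINDOW, threshold=HIGH_ENTROPY_BITS):
    """Fraction of windows whose entropy exceeds the threshold."""
    scores = [h for _, h in window_entropies(blob, window)]
    return sum(h > threshold for h in scores) / len(scores) if scores else 0.0


def looks_packed(blob, min_fraction=0.5):
    """True when at least min_fraction of the file is high-entropy."""
    return packed_fraction(blob) >= min_fraction


def _pseudo_random(n: int) -> bytes:
    """Constructed stand-in for packed or encrypted content (SHA-256 counter stream)."""
    out, i = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(8, "big")).digest()
        i += 1
    return bytes(out[:n])


# Constructed samples, not real binaries: repetitive text vs. a small stub
# followed by a high-entropy payload, the typical layout of a packed file.
PLAIN_SAMPLE = (b"push rbp; mov rbp, rsp; call printf; ret\n" * 800)[:32768]
PACKED_SAMPLE = PLAIN_SAMPLE[:4096] + _pseudo_random(28672)

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, round(shannon_entropy(blob), 2), looks_packed(blob))
```

Compressed installers and media files are also high-entropy, so a score like this is one signal to combine with others rather than a verdict on its own.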
Ransomware can also be detected by searching for activity such as scanning the hard drive, rapidly encrypting files, and interfering with shadow copies. Most of these actions are outside of normal user behavior and so can be instantly identified using behavioral analytics. As soon as signs of ransomware are detected, the compromised endpoint can immediately be cut off from the rest of the network, preventing the infection from spreading. The individual device can then be rolled back and cleaned of the infection. By shutting down a ransomware outbreak before it can truly begin, organizations can see off the threat with minimal disruption or cost to their operations, long before they even have to consider taking a chance on paying a king’s ransom in the hope of getting their files back.
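The behavioral signals described above, sketched as an added example that is not code from this article or from any vendor product: it scans endpoint telemetry for shadow-copy tampering and for bursts of file rewrites by a single process, then lists the hosts to cut off from the network. The event format, thresholds, host names and process names are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

BURST_FILES = 5      # assumed: this many distinct files rewritten...
BURST_SECONDS = 10   # ...by one process within this many seconds
SHADOW_MARKERS = ("vssadmin", "delete", "shadows")

# Constructed telemetry: (epoch_seconds, host, process, action, detail)
EVENTS = [
    (100, "ws-01", "winword.exe", "file_write", r"C:\docs\report.docx"),
    (101, "ws-02", "backup.exe", "file_write", r"D:\bk\a.bak"),
    (160, "ws-02", "backup.exe", "file_write", r"D:\bk\b.bak"),
    (200, "ws-07", "invoice.exe", "proc_start", "vssadmin.exe Delete Shadows /All"),
] + [(201 + i, "ws-07", "invoice.exe", "file_write", rf"C:\share\f{i}.xlsx")
     for i in range(6)]


def detect(events):
    """Return {host: sorted reasons} for hosts showing ransomware-like behavior."""
    findings = defaultdict(set)
    recent = defaultdict(deque)   # (host, process) -> recent (timestamp, path) writes
    for ts, host, proc, action, detail in sorted(events):
        if action == "proc_start":
            cmd = detail.lower()
            if all(marker in cmd for marker in SHADOW_MARKERS):
                findings[host].add(f"shadow-copy tampering by {proc}")
        elif action == "file_write":
            window = recent[(host, proc)]
            window.append((ts, detail))
            # Drop writes that fell out of the sliding time window.
            while window and ts - window[0][0] > BURST_SECONDS:
                window.popleft()
            if len({path for _, path in window}) >= BURST_FILES:
                findings[host].add(f"rapid file rewrites by {proc}")
    return {host: sorted(reasons) for host, reasons in findings.items()}


def hosts_to_isolate(events):
    """Hosts with at least one finding, ready to hand to a network-isolation step."""
    return sorted(detect(events))


if __name__ == "__main__":
    for host, reasons in detect(EVENTS).items():
        print(host, reasons)
```

The slow writer on `ws-02` stays below the burst threshold, which is the distinction between ordinary backup activity and mass encryption that the rate window is meant to capture.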
The Time to Act is Now.
Hundreds of businesses in Puerto Rico alone have already been hit with ransomware attacks and have been rendered pretty helpless without any warning. From healthcare to telecommunications to banking, cybercriminals are hungry for business data that will not only be held for ransom – which affects businesses – but sold to third parties – which is horrible for the end consumer. Consult with your local DRaaS and Data Backup experts to start devising a plan that takes into account your particular business needs and gives you uninterrupted peace of mind.