When companies lose access to their data, cybercriminals will demand a ransomware settlement. The problem is that this fee can quickly add up. In 2021, for example, hackers hit the US Colonial Pipeline, causing it to shut down and strand fuel in a crisis. It settled for a $5 million payout.
A Temporary Fix
For companies that store large amounts of sensitive information, ransomware is a serious problem. Malicious actors use software to seize and block access to company computer systems and then demand a monetary settlement in exchange for the data. This has become an increasingly common problem, and companies that have fallen victim to this attack have paid a staggering $350 million in recent years. This is a blatant indication that the business world has realized it needs to invest heavily in enhancing its cybersecurity.
The good news is that a security researcher’s identification of the malware’s weak point is causing a slowdown in the ransomware plague. Once this flaw was discovered, threat actors could no longer use affected PCs’ encrypted files to distribute the malware. However, this break might be temporary.
Once a ransomware attack occurs, there are many hidden costs that victims can face. These include incident response and recovery expenses, IT upgrade costs, lost productivity, and potential legal fines and settlements.
For example, when the UK foreign currency exchange company Travelex suffered a ransomware attack in 2019, the hackers demanded $2.3 million for its data. The company was forced to pay the ransom, which only delayed losing valuable information. It also meant that employees could only work for a few weeks, and customers had to be turned away.
A Long-Term Solution
If a victim pays the ransom, there is no guarantee that threat actors will disinfect the systems, delete pilfered data or give up their access to the network. There’s also the risk of attackers installing more malware or selling or transferring their illicit access to other criminal groups.
Moreover, cybersecurity professionals like Fortinet warn that the large cost of ransomware settlements don’t end with a financial transaction: forensic investigations, public disclosures and other regulatory obligations are significant expenses for victims as well. And then there’s the cost of upgrading IT systems and putting them back online, which may be far more than the initial ransom fee.
The CWT Global incident is a good example of a company dealing with direct and hidden ransomware costs. Fortunately, the travel firm negotiated a lower sum with the attackers than they initially demanded.
Nevertheless, the company suffered from lost time, interference and inconvenience for its customers due to the attack. Plus, it was required to spend significant resources on restoring its internal IT system and customer records. In addition, the company had to deal with the fallout from the incident in its interactions with investors and other stakeholders. This included a $3 million settlement with the Securities and Exchange Commission over allegations that it misled investors through disclosures about its 2021 ransomware attack.
The Risk of Recurring Attacks
When a company pays a ransom, it is considered a good mark to cyber criminals. If they see that an organization is willing to pay, they will likely be more confident that they can infect other systems and collect even more money. This may also lead to a recurrence of attacks, making it even harder for the business to recover.
Many of the most costly ransomware incidents involve large corporations with access to much personal information. This data is valuable to hackers, who can sell it to other criminals or use it for blackmailing purposes. When these types of incidents occur, isolating the infected system quickly and communicating with breach counsel and insurers out-of-band is important to avoid tipping off actors.
This approach can mitigate some of the most severe costs associated with a ransomware attack. A company’s reputation damage can be far more substantial than a few thousand dollars paid to the hacker. This damage can impact investor confidence and strain relations with valued customers and other stakeholders.
Another cost to consider is a potential lawsuit from customers, vendors or partners impacted by the incident. Sometimes, these suits can be meritless, resulting in hefty fines for privacy violations, negligence, and service downtime.
The Risk of Losing Data
As companies continue to rely on more and more data systems, cybercriminals are finding new ways to cripple them with ransomware. These attacks typically target specific systems, networks or applications most important to the business. The goal is to disrupt operations and drive up recovery costs, promising to release the company’s data when the ransom is paid.
The cost of a ransomware settlement is rising to alarming levels. Cybersecurity ventures estimate that firms paying ransomware settlement fees jumped 350% through 2021. Companies are also experiencing increasing downtime incidents and growing customer frustration with their inability to respond quickly to an attack and maintain seamless business continuity.
Data is your company’s lifeblood and a lucrative target for hackers. When they infect your company’s systems with ransomware, they encrypt files and lock you out of your data systems. Depending on the type of ransomware, they may even threaten to publish your confidential information online or expose it to the public.
Recovering from a ransomware attack requires the widest range of IT skills. A team of recovery experts can assist your IT team in establishing multiple response teams that work concurrently and collaboratively with the utmost focus on operational continuity. Services include determining the nature of the ransomware and testing decryption tools; communicating with the hacker; budgeting and negotiating an appropriate settlement; and restoring machines and software services to their pre-encryption state.