Technical Expertise

May 22, 2020   •   5 minute read

The Costs of Ransomware

Ransomware is a type of malware that encrypts computer files and systems, then denies owners access until a payment is made. These attacks originate from cybercriminals infiltrating a company’s network and installing encryption programs, sometimes targeting sets of files known to be valuable, other times encrypting everything. 

Though the ultimate costs of such cyberattacks vary greatly from company to company—dependent on everything from the actual ransom amount, rebuilding costs, and lost data to consequential damage to clients, customers, reputation, productivity, and other factors—annual global estimates range into the billions

Its catastrophic impact across both the public and private sectors sometimes even forces victims completely out of business. As such, the best way to reduce the costs of ransomware attacks is to take steps to prevent them, such as maintaining good and frequent backups as well as implementing 24/7/365 network and endpoint monitoring. 

Let's take a closer look at the many costs associated with ransomware and how they can affect individual businesses. 

The Ransom

As mentioned above, cybercriminals will typically demand some form of payment in exchange for the key to decrypt the victim’s files. That payment is usually done in the form of a cryptocurrency, such as Bitcoin. There is no recovery with such payments, and transactions can be untraceable. Once the money is gone, it’s gone—even if the criminals decide not to provide the key. Enlisting ransomware specialists is recommended because of their negotiation skills and expertise dealing with various hacker groups. Such specialists may also be able to reveal whether the criminals have a good track record in providing encryption keys to unlock hostage data once the ransom is paid, enabling you to make a more informed decision about what to do next.

Some organizations may choose to pay a ransom, while others may be advised not to. Whatever the recommendations, each must ultimately decide what is optimal for their business. When your data is held hostage, your next move could mean the difference between the survival and failure of your business.

The Cost of Downtime 

When a business’s data is encrypted, it’s not uncommon for work to effectively stop. Employees may not be able to use their computers, halting productivity. The IT department will be consumed with restoring systems, instead of its typical workload. This downtime can have different outcomes for different companies and organizations, as they will not be able to function, which translates into lost revenue and opportunities every day that the date remains unavailable. 

This makes it all the more frustrating that ransomware attacks can be as lengthy as they are damaging. As we mentioned, cybercriminals typically require ransom in the form of a cryptocurrency transaction, which can take days to execute. After that, the criminals may take days to verify that they’ve received the funds and provide the key. Even if they do provide the key – which is not guaranteed – the decryption process can take anywhere from a few days to a few weeks. 

According to a recent survey by ransomware response firm Coveware, an average business loses 16 days of business productivity to a ransomware attack.


The Damage to Reputation

Keeping the inability to service customers and supplies and conduct business as normal a secret will be almost impossible, and it is more than likely that stakeholders will become aware of the situation. Victims are also likely to be subject to numerous breach and data reporting laws in all states and jurisdictions they have customers in. Depending on the reach and nature of the business, this could mean needing to file legal paperwork in dozens of states.

And the threat does not necessarily end there, as another trend in ransomware is growing in popularity. Cybercriminals are now also downloading copies of victims' files and threatening to release them publicly if the ransom isn't paid. In some cases, they may even release them after it is paid. This introduces the potential of third-party claims—further complicating matters, increasing costs, and extending the recovery process.

While the data can be restored, there’s no guarantee of recovering customers or their trust


The Recovery 

Recovering files and data will be a costly, lengthy, and tedious process. Despite that time, expense, and effort, the results can still vary greatly. Once the ransom is paid and a decryption key is provided, only 95% percent of the data is likely to be decryptable, according to Keith Strassberg, Chief Operating Officer at Cybersafe Solutions. That leaves some percentage of the data rendered lost, having been damaged by the encryption process.

Recovery of files is not the only worry. The next step is for the business to assess how attackers got in and begin taking steps to preventing similar attacks from happening again. This can involve rebuilding and upgrading systems and their security.


How to Avoid These Costs

Ransomware attacks pose a serious threat to businesses. Even when swift steps are taken to mitigate an attack once it’s occurred, the results can still be devastating and may take years to fully recover from—if at all. Luckily, there are a few steps you can take for your business to help mitigate these risks. 

Consistent and Protected Backups

Should a ransomware attack occur, the only real alternative to paying the ransom and receiving the decryption key is to restore files from backups. Most organizations, however, don’t adequately secure what backups they have, and they end up being encrypted in the ransomware attack along with their other files. Hackers understand these backups are your first and best option to avoid paying ransom and will take the time to target and encrypt them when deploying their ransomware.

A best practice is to ensure that the daily accounts you use to access your files and systems are not the same ones used to create the backups. Having dedicated and highly secured accounts just for your backups is a must. Another important best practice is to move at least one backup offsite daily and ideally have one offline at all times.

Ransomware Insurance

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage, can pay for expenses following a security breach or cyber incident. One-third of U.S. companies currently purchase some type, according to multinational professional services network PwC. Cyber insurance is relatively inexpensive and can provide the funds necessary to cover expenses related to first parties, as well as claims by third parties in the event of an attack. 

Be sure to use an experienced broker who can spot loopholes and supplemental riders that are necessary to pay ransoms, cover legal fees, and other related expenses.

The most effective way to fight ransomware attacks, however, is to neutralize threats before they have the opportunity to inflict damage.

This can be done by combining the precautions above with 24/7/365 network and endpoint security monitoring. By monitoring your digital environment day and night for anomalies and suspicious activity, a team of experienced cybersecurity experts can detect when a threat has penetrated the network and contain it, thereby preventing what could have been a costly incident.


Cybersafe Solutions is a state-of-the-art managed security provider, specializing in 24/7/365 network and endpoint monitoring services. We provide global clients Security Operations Center as a Service (SOCaaS) through managed detection, response, and containment. Our team of certified specialists have more than 20 years of experience in the cybersecurity space and is ready to protect your most important assets. Contact Us to learn more.