Technical Expertise

January 27, 2022   •   5 minute read

The Costs of Ransomware

Ransomware is a type of malware that encrypts computer files and systems, then denies owners access until they make a payment. These attacks originate from cybercriminals infiltrating a company’s network and installing encryption programs, sometimes targeting sets of files known to be valuable, and other times, encrypting everything.

The ultimate cost of ransomware attacks varies greatly depending on the actual ransom amount, rebuilding expenses, lost data, and consequential damage to clients, customers, reputation, productivity, and more. However, annual global estimates range into the billions

Ransomware’s catastrophic impact across both the public and private sectors sometimes even forces victims out of business. As such, the best way to reduce the cost of ransomware attacks is to take steps to prevent them, such as maintaining good backups and implementing continuous security monitoring

Let's take a closer look at the many costs associated with ransomware and how they can affect businesses. 

The Ransom

As aforementioned, cybercriminals typically demand some form of payment in exchange for the key to decrypt a victim’s files. This is typically ordered in cryptocurrency, such as Bitcoin. Such payoffs are not recoverable, and their transactions can be untraceable. Once the money is gone, it’s gone—even if the criminals decide not to provide the key. 

Paying the ransom may also lead to steep fines if the threat actor is classified as a blocked person and organization, including those on the U.S. Treasury Department Office of Foreign Assets Control (OFAC)’s Specially Designated Nationals and Blocked Persons (SDN) List and those under comprehensive international or regional embargoes.

Enlisting ransomware specialists is advisable because of their negotiation skills and expertise in dealing with various cybercrime groups. They may also be able to reveal whether the criminals have a good track record of providing encryption keys to unlock hostage data once the ransom is paid, enabling you to make a more informed decision about what to do next.

Some organizations may choose to pay a ransom, while others may be advised not to. Whatever the recommendations, each must ultimately decide what is optimal for their business. When your data is held hostage, your next move could mean the difference between the survival or failure of your business.

The Cost of Downtime 

When a company’s data is encrypted, it’s not uncommon for work to effectively stop. Employees may not be able to use their computers, halting productivity. The IT department will be consumed with restoring systems instead of its typical workload. This downtime can have different outcomes for different companies and organizations. If they cannot function fully, it translates into lost revenue and opportunities each day the data remains unavailable. 

This makes it all the more frustrating that ransomware attacks can be as lengthy as they are damaging. As we mentioned, cybercriminals typically require ransom in the form of a cryptocurrency transaction, which can take days to execute. Afterward, the criminals may spend several more days verifying they’ve received the funds before providing the key. Even if they do give the key—which is not guaranteed—the decryption process can last anywhere from a few days to a few weeks. 

According to a recent survey by ransomware response firm Coveware, an average business loses 22 days of business productivity to a ransomware attack.

The Damage to Reputation

When a ransomware attack affects operations, it’s almost impossible to keep it secret from stakeholders. Victims are also likely to be subject to breach and data reporting laws in all states and jurisdictions where they have customers. Depending on the reach and nature of the business, this could require filing legal paperwork in dozens of states.

The threat does not necessarily end there, either—as yet another trend in ransomware grows in popularity. Cybercriminals are now also downloading copies of victims' files and threatening to release them publicly if the ransom isn't paid. In some cases, they may even release them after it is! This introduces the potential of third-party claims, further complicating matters, increasing costs, and extending the recovery process.

While the data can be restored, there’s no guarantee of recovering customers—or their trust. 

The Recovery 

Recovering files and data is a costly, lengthy, and tedious process. Despite the time, expense, and effort, the results can still vary greatly. Once the ransom is paid and a decryption key is provided, only 95% of the data is likely to be decryptable, according to Keith Strassberg, Chief Operating Officer at Cybersafe Solutions. That leaves some percentage of the data rendered lost, having been damaged by the encryption process.

Recovery of files is not the only worry. The next step is for the business to assess how attackers got in, and take action to prevent similar attacks from happening again. This can involve rebuilding and upgrading systems and their security.

How to Avoid These Costs

Ransomware attacks pose a serious threat to businesses. Even with a swift response to mitigate an attack, the results can still be devastating. It may take years to recover, and some businesses never fully do. Luckily, there are a few steps you can take to reduce these risks. 

Consistent & Protected Backups

Should a ransomware attack occur, the only real alternative to paying the ransom and receiving the decryption key is to restore files from backups. Most organizations, however, don’t adequately secure their backups, and the threat actors end up encrypting them in the ransomware attack along with the other files. Cybercriminals understand these are your first and best option to avoid paying the ransom, so they target them when deploying ransomware.

A best practice is to ensure that the daily accounts you use to access your files and systems are not the same you utilize to create backups. Having dedicated and highly secured accounts just for your backups is a must. Another important best practice is to move at least one backup offsite, and ideally, have one offline at all times.

Ransomware Insurance

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage, can pay for expenses following a security breach or cyber incident. One-third of U.S. companies currently purchase some type, according to multinational professional services network PwC. Cyber insurance is relatively inexpensive, and can provide the funds necessary to cover expenses related to first parties, as well as claims by third parties in the event of an attack. 

Be sure to use an experienced broker who can spot loopholes and supplemental riders necessary to pay ransoms, cover legal fees, and provide for other related expenses.


The most effective way to fight ransomware attacks, however, is to neutralize threats before they have the opportunity to inflict damage.

This can be done by combining the precautions above with 24/7/365 network and endpoint security monitoring. By surveilling your digital environment day and night for anomalies and suspicious activity, a team of experienced cybersecurity experts can detect when a threat has penetrated the network, and contain it—thereby preventing what could have been a costly incident.

Cybersafe Solutions is a state-of-the-art managed security provider, specializing in 24/7/365 monitoring. We provide global clients Security Operations Center as a Service (SOCaaS) through managed detection, response, and containment. Our team of certified specialists has more than 20 years of experience in the cybersecurity space, and is ready to protect your most important assets. Contact us to learn more.