Ransomware costs double if you pay up

News by Rene Millman

New report finds average cost of recovery is US$ 1.4 million (£1.1 million) if organisations pay the ransom, but US$ 730,000 (£593,000) if they do not. A quarter of victims admit paying up.

Organisations could find themselves doubling the cost of clearing up after a ransomware attack if they pay off cybercriminals.

According to a new survey for Sophos’ State of Ransomware 2020 report, the average cost of tackling the effects of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than US$ 730,000 (£593,000). This average cost rose to US$ 1.4 million (£1.1 million), almost twice as much, when organisations paid the ransom.

The survey found that more than half (51 percent) of organisations had experienced a significant ransomware attack in the previous 12 months, compared to 54 percent in 2017. Data was encrypted in nearly three quarters (73 percent) of attacks that successfully breached an organisation. More than one quarter (27 percent) of organisations hit by ransomware admitted paying the ransom.

It also found that over half (56 percent) of the IT managers surveyed were able to recover their data from backups without paying the ransom. In a small minority of cases (one percent), paying the ransom did not lead to the recovery of data. This figure rose to five percent for public sector organisations. In fact, 13 percent of the public sector organisations surveyed never managed to restore their encrypted data, compared to six percent overall.

Surprisingly, the public sector was least affected by ransomware, with just 45 percent of the organisations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure, and entertainment businesses in the private sector were most affected by ransomware, with 60 percent of respondents reporting attacks.

Corey Nachreiner, CTO of WatchGuard Technologies, told SC Media UK that if organisations haven’t made proper backups, there are only a few things they can do.

“You can try to rebuild what was lost from scratch, look for other areas where you may have kept copies and follow security sites and companies that sometimes crack or unveil ransomware decryptors - although there is no guarantee this will happen. Other than that, if you have really lost the data you may never get it back, unless you pay (although that is not always guaranteed either), which is why preparing for ransomware ahead of time is absolutely crucial,” he said.

Safi Raza, director of cybersecurity at Fusion Risk Management, told SC Media UK that having multiple copies of the backups is a good practice.

“Many cloud storage locations now offer real time data backups with copies distributed across various datacentres. Using a unique and robust authentication system will also help secure the backups. Another option is to utilise offline storage,” he said.

He added that prevention is the best way to deal with ransomware. “Network segmentation, effective patch management policy, reliable IDS and IPS technologies, periodic security awareness training, and secure offline backups, etc. are only a few of the methods that can be employed to prevent any future attacks.”
