Stopping Ransomware Before It Starts

In 2020, ransomware attacks grew 7x or more — By 2025, at least 75% of IT organizations will face at least 1 ransomware attack.

More Than Just Ransom: Counting All the Costs

• The true cost of ransomware attacks is up to $20 billion
  • Ransomware can halt business operations, costing up to 23x more than the ransom itself
  • The Cost Of Ransomware In 2019, Per Incident* 
    • Small to medium enterprises (SMEs) represented 98% of claims
      • Claims between $2,500 and $10.1M
      • Average claim: $424,000
    • Business interruption loss is commonly left out of the equation
      • For SMEs, 
        • Average cost: $1.2 million
        • Highest cost: $6.5 million
  • Small vs Large Business Breakdown
    • Small Business (less than $2 billion revenue): $143,000
      • Ransom: $453,000
      • Crisis services: $93,000
      • Business interruption loss: $215,000
      • Recovery expenses: $42,000
      • Incident: $373,000
    • Large Business (more than $2 billion revenue): $18.9 million
      • Ransom: $175,000
      • Incident: $275,000
    • According to Sophos, average ransom demands in 2020
      • Small Business (less than 1,000 employees): $108,000
      • Large Business (1,000 to 5,000 employees): $225,000
  • From 2020 to 2021, the total cost of ransomware increased by 243%
    • The costs of recovering from a ransomware attack doubled
    • The average ransom paid by mid-sized organizations was $170,404
    • The average bill for rectifying a ransomware attack was $1.85 million
      • Including downtime, people time, device cost, network cost, lost opportunity, and the ransom paid 
• Ransomware Demands Are Tailored To Each Victim

Attackers adjust their demands to reflect their victims’ ability to pay, and the effort needed to breach their security

• Large enterprises are more likely to be hit by ransomware
  • Higher ransom demands
  • More sophisticated attacks
• Small businesses face more generic attacks
  • Lower ransom demands
  • Generic, “off the shelf” attacks
• Victims in developed economies face higher demands
  • Across the U.S., Canada, the U.K., Germany, and Australia the average ransom is 26% higher than the global average —  reaching $214,096

• A Breakdown of Total Ransomware Costs
  • Data Loss
    • 61% lost data to corruption
    • 82% lost significant data
  • Insurance Premium Increases
    • In the first quarter of 2021, premiums increased month-to-month
      • January: 29%
      • February: 32%
      • March: 39%
    • For high-risk organizations, premium increases of up to 50-60% may become the norm
    • Deductibles raised to $1 million
    • More insurance clients are opting for cyber coverage — up from 26% in 2016 to 47% in 2020
  • Reinfection:
    • 80% Reinfection rates
    • 46% Of victims suspect it was the same attackers
• Cyber Insurance Claims Are Being Denied

In the first half of 2020, 41% of cyber-insurance claims were related to ransomware attacks

• As ransomware becomes more common, insurers have imposed limits or stopped covering ransomware altogether
  • In the U.S., 73% of insurers are declining more applications for cyber coverage
  • Insurers are
    • reducing coverage for high-risk sectors
    • auditing applicant’s security when they apply
    • Lowering total coverage limits
    • Capping ransom payouts
• Regulatory changes will increase costs to businesses that fail to prevent an attack
  • In the EU, GDPR imposes fines on business that fail to protect consumer data
  • In the US,
    • California’s CCPA allows consumer to sue businesses after a breach — without having to prove the breach caused harm
    • In 2020, the US Treasury began prosecuting those who facilitate ransomware payments made to sanctioned individuals and jurisdictions
• Worldwide, law enforcement agencies discourage ransomware payments — believing giving in to demands will encourage more attacks
  • So far, paying ransoms is not illegal

The true extent of ransomware is unknown — Most likely, many victims pay the ransom demand and never report that a breach occurred

Ransomware Will Continue To Grow

• In 2021, Avaddon ransomware group announced they were shutting down
  • Officially, the group had 88 known victims
  • Decryption keys were released for 2934 victims
  • If all the victims paid the average reported, the group made about $1.8 billion…but we don’t know the full extent
    • Just 3% of victims had reported the ransomware attack
    • Downstream issues beyond this include job losses and business loss
• Multifaceted Attacks

Many organizations still think of ransomware as one-off attacks, like WannaCry in 2016 — Today, ransomware is far more complex

• Ransomware may be deployed along with
  • Network Penetration: Compromising your organization’s network with stolen credentials and/or malware
  • Credential Harvesting: Collecting login credentials for critical systems, such as Domain Name System (DNS)
  • Attacking Backups: Data storage can provide a roadmap to what information is most sensitive
  • Double Extortion: Thread of publicizing data theft after a ransomware attack — Often in response to companies saying they won’t pay
• Attacks Happening at the Software Level
  • The latest zero-day attack on Kaseya compromised both the software and the software’s clients – up to 1500 businesses have been impacted by one attack
    • Zero-day: a computer-software vulnerability unknown to those who should be interested in its mitigation (including the vendor of the target software)

With the shift to work-from-home, securing your business from cyberattacks is more difficult than ever

Protecting Your Business From Ransomware

• Ransomware Best Practices
  • Stay up-to-date: Patches and software updates are key to protecting yourself against ransomware
  • Employee awareness: Empower employees to assess whether an attachment, link, or email is trustworthy
  • Back up data: Keep critical data backed up on external devices to aid recovery should there be an attack
  • Malware detection: Early detection of suspicious activity is your first line of defense

As ransomware attacks are getting more sophisticated,  It’s not a matter of if but when.

Sources:

• https://www.cohesity.com/forms/research-report/gartner-ransomware-report-how-modern-backup-applications-can-protect-you-from-ransomware/
• https://purplesec.us/resources/cyber-security-statistics/ransomware/
• https://netdiligence.com/cyber-claims-study-2020-report/
• https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf
• https://www.kaspersky.com/about/press-releases/2021_over-half-of-ransomware-victims-pay-the-ransom-but-only-a-quarter-see-their-full-data-returned
• https://www.ctvnews.ca/business/cybersecurity-insurance-rates-likely-to-rise-amid-escalating-ransomware-attacks-1.5501822
• https://www.insurancejournal.com/news/national/2021/07/07/621416.htm#
• https://www.baltimoresun.com/maryland/baltimore-city/bs-md-ci-cyber-attack-insurance-20191016-4owu233bmfgnjmqu3yf2rzjxt4-story.html
• https://www.gao.gov/products/gao-21-477
• https://www.zdnet.com/google-amp/article/most-firms-face-second-ransomware-attack-after-paying-off-first/
• https://threatpost.com/cyber-insurance-ransomware-payments/166580/
• https://www.wsj.com/articles/as-ransomware-proliferates-insuring-for-it-becomes-costly-and-questioned-11620811802
• https://www.thehartford.com/insights/cyber/impact-ransomware-changing-regulation
• https://www.bbc.com/news/technology-57173096
• https://www.zdnet.com/article/avaddon-ransomware-group-closes-shop-sends-all-2934-decryption-keys-to-bleepingcomputer/
• https://www.darktrace.com/en/blog/double-extortion-ransomware/
• https://usa.kaspersky.com/resource-center/threats/how-to-prevent-ransomware