The Cost of Ransomware: It Isn’t Just About the Ransom Paid

Ransomware is no longer breaking news for consumers and companies. Large-scale infections like WannaCry and NotPetya were widely covered in the news last year, and Acronis experts performed detailed analysis posted on our blog.

The damage caused by ransomware should no longer be a surprise either, with totals growing at an alarming speed. In 2015 ransomware damages totaled around $300 million, but it topped $5 billion last year – an increase of 1,666 percent in just two years. In fact, 55 percent of businesses report that they’ve already felt the damaging effects of ransomware attacks.

Now CyberSecurity Ventures projects that the global loss due to ransomware activity will reach a hefty $11.5 billion by the end of 2019.

You may ask a reasonable question: “OK, I’ve heard about the $150K made by Wannacry. That doesn’t really look like the $5 billion you are talking about.” The thing is that for consumers and businesses, the ransom paid to cybercriminals is just a small percentage of damage done. At the end of the day, the actual costs include:

• Loss of data (there is never a guarantee that by paying a ransom you actually get your files back)
• Lost profits caused by downtime
• Post-attack recovery costs to get back to normal
• Expenses for forensic investigation
• Investment into new security measures
• Lost business caused by the damage to your reputation
• Employee training in direct response to the attacks

Want some real-world examples? Nuance Communications, a software company, said the 2017 NotPetya malware attacks caused the company to lose $92 million in revenue. The UK’s consumer goods company Reckitt Benckiser estimated lost sales of $117 million from the NotPetya attack. And don’t forget South Korean web-hosting company Nayana, which paid a ransom of more than $1 million just to unlock its Linux servers encrypted by bad guys. For smaller companies, the stakes are just as dire, costing an average of $713,000 per incident.

The main reasons for such big losses are downtime and reputational harm. While few companies actually pay the ransom (one survey reported fewer than 5 percent), recovering files from backup and restoring infected systems is often easier said than done. Intermedia Research estimates nearly three out of four companies infected with ransomware suffer two days or more without access to their files, while around 30 percent are denied access for five days or longer.

Despite a decline in the number of victims willing to pay the ransom, attacks are on the rise as cybercriminals increasingly target various verticals and big businesses that are more likely to pay. By the end of 2019, ransomware is projected to attack a business every 14 seconds, up from an average of every 40 seconds this year. The faster rate of attack will likely generate results too, since 71 percent of companies targeted by ransomware have been infected.

Backup is still the best strategy for keeping your data (and money) safe and sound. Not every backup software is equal though, now that cybercriminals are targeting backup files and backup software as a way to keep victims from restoring their systems without paying.

If you care about recovery time and really want your data to be secure, you need Acronis Backup or Acronis True Image, the backup industry’s only solutions that include AI-based anti-ransomware software to detect, terminate, and automatically recover from ransomware attacks.

In addition, there are some basic security rules that you should not ignore:

1. Use an anti-malware software and frequently update its signature database.
2. Keep your operating system and applications up-to-date as well, so when vendors discover vulnerabilities in their products, you get the software patches that close them.
3. Be wary of phishing emails and encourage your family, friends, and colleagues to be very cautious about clicking on links or opening attachments in emails from sources they don’t absolutely trust.

The threat from ransomware is more than real – it’s growing. Businesses pay a high price when they are successfully attacked, and the cost of ransomware goes well beyond just the money extorted. Downtime leads to lost sales and lost reputation, which exacts a significant financial cost. Preventing an attack using Acronis Active Protection is the best way to ensure ransomware doesn’t cost you a lot.