According to a new survey by Intermedia called "2016 Crypto-Ransomware Report", ransomware attacks are increasingly targeting larger companies, costing them dearly. Employees are usually locked out for days after an attack, and often the cleanup process causes extensive downtime.
Cyber mafias who infect workstations with their latest ransomware strain often don't get the money they demand — but that doesn't mean that the victim doesn't end up paying one way or another.
Paying the ransom itself was not cited as having the biggest business impact of ransomwareattacks, falling far behind the cost of data recovery, reduced statistics, lost sales, missed deadlines, and troubled employees. The cost of the ransom was also behind the cost of the downtime and the breach of sensitive information as a top concern of a crypto-ransom attack.
When IT experts were asked what industry had the most to lose in ransomware attacks, 31 percent chose the legal industry, while twice that amount cited the finance and banking sector. Just under half also indicated Information Technology industry and the government.
Is A Ransomware Infection Equivalent To A Data Breach?
Ransomware is rapidly becoming a nightmare for IT pros, however it has not hit the #1 spot yet:
The jury is out on the determination if a crypto-ransom infection constitutes a data breach. Lawyers are fighting about this issue at the moment.
Over 60 percent of IT pros were at least moderately concerned about ransomware attacks on their networks in 2015, and expect to see an increase in ransomware attacks in 2016.
A surprising 43 percent of those surveyed admitted they have at least one user who fell victim to a ransomware attack. Just under 30% of attacks affected between three and 20 employees, while slightly under a quarter effected 20 to 100+ employees, obviously where a network drive got hit. It’s important that IT pros send simulated phishing tests to employees so they know what to look for.
Downtime Caused By Ransomware Attacks
"Ransomware attacks are becoming more frequent due to the increasing processing powers of computers – which allows criminals to encrypt files in only a few hours – and the rise of anonymous payment systems such as the untraceable Bitcoin," said Ryan Barrett, vice president of security and privacy at Intermedia.
And the disruption and burdens caused by ransomware attacks, he added, is more often measured in days than dollars. Almost all employees (96 percent) were locked out of their files for at least one day due to ransomware, while 72 percent were locked out for at least two days and 61 percent for at least three. By five days, only 32 percent of users were still unable to access their data.
In most cases, cyber criminals stuck to their word: 71 percent of IT professionals reported that files were restored after payment. In KnowBe4's experience, this is closer to 95% of successful decryption after payment.
To Pay Or Not To Pay
“When clients choose to pay the ransom, it’s likely because the files are confidential and crucial to the business, and because they don’t have the proper business continuity tools in place,” Barrett said in the report. “Downtime is a huge threat to businesses of all sizes, and when a business continuity plan is not in place, businesses are often desperate to get back up and running as fast as possible. … Businesses also must understand that paying the ransom doesn’t guarantee they’ll get their files back.”
Again, KnowBe4's experience is that cyber mafias are very concerned with their reputation and even provide tech support to decrypt the files. We have dealt with dozens of infections and 95% were able to get their files back.
Obviously having weapons-grade backups is crucial these days, but preventing the downtime by having security awareness trained employees is much more cost effective.
Send a simulated phishing attack to your own employees and find out the Phish-prone percentage of your users as your first step.
PS, If you do not like to click on links where you cannot see the final URL, just copy/paste the link into your browser.