A ransomware attack will happen to every company; it's only a matter of time. We at Trufflepig Forensics see the costs of such an attack in our daily work. In this article, we explain why these costs are significantly higher than many people think and why prevention only accounts for a fraction of the costs.
Nervous IT teams and managing directors facing bankruptcy. Unfortunately, this is the situation we repeatedly observe when we are called to a ransomware attack. These types of attacks are among the most expensive and dangerous incidents in IT.
Ransomware is a term that refers to the purpose for which cybercriminals use malware. The main goal of ransomware is to encrypt user data. Once the data has been encrypted, the attackers try to extort a ransom by threatening to release the data only after the digital ransom has been paid. Victims of ransomware attacks can be any type of organization, including large corporations, SMEs, hospitals, municipalities and others.
The threat of ransomware is continuously increasing and, according to the German Federal Office for Information Security ([BSI](https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Ransomware-Angriffe/ransomware-angriffe_node.html)), is one of the biggest operational threats to cyber security.
Such an attack allows the attackers to quickly extort large sums of money, depending on the victim's ability to pay.
The increasing division of labor in the area of cybercrime (e.g. ransomware-as-a-service) has significantly lowered the barrier to entry for such attacks.
We are confronted with ransomware attacks in our daily lives time and again. The ransom demands associated with these attacks can be as high as 2 million euros. To determine the amount of the ransom demand, the extortionists first check exactly how much a company can pay. They are extremely professional about this and, in our experience, leave little room for negotiation regarding the amount.
Once the ransom has been paid, the ransomware attack is not over. It is not uncommon for the blackmailers not to hand over the encryption password after payment and for the system to remain encrypted.
But even if the data can be decrypted, further costs arise during the aftermath of the attack. A major factor here is usually the business interruption.
The bulk of the cost of a ransomware attack usually comes from the downtime it causes. Our experience shows that companies are often unable to work at all or can only work to a limited extent for three to four weeks. Imagine what that would do to a business with 400 employees. What impact would such an outage have on your business? It is crucial to address this issue early and take steps to prevent it.
A ransomware attack does not always affect the entire IT system. Particularly where systems have been professionally segmented, the damage can be limited to one area, which means that a large part of the company is often still able to function. In the worst case, however, a company is no longer able to work at all after an attack and goes into insolvency.
Some time ago, we were contacted by a company that had fallen victim to a ransomware attack. The company was very lucky: a last snapshot was found in their backup system, which the attackers had apparently overlooked and therefore not encrypted. The success of this company ultimately depended on this snapshot. Without this backup, the company would have lost all its data and would probably have had to close down.
Recovery costs are another significant item in the total costs of a successful ransomware attack. Depending on the extent of the damage and the effort required, costs of up to €100,000 can quickly arise. Even if a backup copy is available that appears to be usable, a time-consuming clean-up process may be necessary. The systems often have to be reinstalled because the ransomware can frequently be found even in older backups. If these backups are restored as they are, the ransomware is still in the system and starts the encryption process again.
It is therefore important to restore the systems to an operational state with professional help. In some cases, hardware components may even have to be replaced.
Damage to reputation caused by ransomware attacks is a common problem. Such damage can have serious consequences, especially in industries where a good reputation is an important factor. One example is the logistics industry, where an interruption in deliveries can result in high costs for customers. Unreliable delivery can quickly lead to an image problem. If a company is unable to deliver for two weeks because it has been the victim of a ransomware attack, long-term reputational damage is an important cost factor. It is therefore important that companies in the logistics industry and other industries where reliability is an important factor protect themselves against ransomware attacks.
One question we are regularly asked by business owners: How worthwhile is ransomware prevention? As a rule, incidents are very costly and the average damage amount increases every year. Prevention is the best way to significantly reduce the likelihood and cost of a successful attack. In our experience, the average cost of effective prevention is only about 10% of the cost of a ransomware attack.
For a medium-sized company, an investment of €10,000 to €20,000 is often enough to make a significant difference and significantly reduce the cost of damage in the event of an attack.
If a company has an incident response plan that is also tested, a zero-trust policy and other small precautions, we see an average cost reduction to 20 to 25% in the event of an attack.
We therefore always recommend that companies invest in good ransomware protection to protect themselves from expensive damage. For this, we offer the Trufflepig basic protection.