According to a new report from Check Point Research (CPR), companies that fall victim to ransomware attacks end up spending 7 times the amount paid in ransom. Researchers at the cybersecurity firm pointed to a major evolution of these criminal operations in recent years; ransomware is today the most disruptive type of cyberattack that organizations face.
In addition to disrupting important day-to-day processes and business, ransomware can result in a major financial impact. And this is not limited to paying the ransom demanded by hackers, which can reach millions of dollars.
CPR’s research examined the additional hidden costs incurred during and after a ransomware attack, and also analyzed in more detail information about the cybercriminal group Conti and several data sets on ransomware victims. According to the researchers, the long-term losses that victim companies suffer are far greater than most would have guessed.
Ransoms are based on the companies’ annual revenue
According to the analyses, the criminals demand a sum proportional to the victim’s annual revenue, ranging between 0.7% and 5% of what the organization earned in the year. Furthermore, the duration of a ransomware attack decreased significantly in 2021 – from 15 to 9 days.
In this scenario, the costs that reach 7 times the ransom paid by victim companies and organizations include spending on incident response and restoration of systems and other routine operations, legal fees and monitoring costs.
Criminals’ rules in ransomware attacks
There are also basic rules that criminal groups follow to reach a successful negotiation with victims (and which shape the process and dynamics of that negotiation), namely: an accurate estimate of the victim’s financial position, the quality of the exfiltrated data, the reputation of the ransomware group, the existence of cyber insurance, and the approach and interests of the victims’ negotiators.
“The main takeaway is that the ransom paid, which is the number most searches deal with, is not a key number in the ransomware ecosystem. Both cybercriminals and victims have many other financial aspects and considerations surrounding the attack,” says Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software.
“It is remarkable how systematic these cybercriminals are in setting the ransom number and negotiating. Nothing is casual and everything is defined and planned according to the factors we have described”, says the manager.
Recommendations to organizations
Shykevich’s main recommendation is that organizations build adequate cyber defenses in advance, especially a well-defined response plan for ransomware attacks, which can save a great deal of money.
Other recommendations from the researchers’ report are robust data backups and cyber awareness training (for example, focusing on phishing, which is one of the most common ways ransomware is spread).
User authentication must also be strong and secure, through a strong password policy and the use of multi-factor authentication. Patches must be kept up to date on computers and devices, especially those labeled critical.