If anyone needs further proof that ransomware is one of the most important digital threats facing organizations, the recent attacks on Colonial Pipeline, the Washington DC Police Department, Apple, and Ireland’s National Health Service are all obvious signs of the problem.
According to a recent Sophos survey, 51% of responding organizations were attacked by ransomware last year, and the increasingly unscrupulous attacks carried out by ransomware-as-a-service (RaaS) groups indicate that this trend will likely continue, even with recent government efforts to shut down RaaS infrastructure.
Ransomware is an equal-opportunity attack, and any organization can be a target. Every company should therefore be prepared for this threat, not only by taking preventive measures such as malware detection, network traffic analysis, data leakage prevention and data backup, but also by anticipating the costs it will incur.
As an incident responder, I have lost count of the ransomware incidents I have dealt with over the years, but I have found that in most cases companies are not aware of all the potential costs a ransomware attack can generate.
The following is a list of some of the costs companies need to plan for before they are attacked:
1. Cyber Insurance
When it comes to devastating ransomware attacks, cyber insurance can be a savior, but it only helps if it is in place before an attack occurs. Depending on your policy, insurance may cover many of the services listed below (you may or may not need to pay for these services yourself).
Also know what your deductible is. Although it is not a direct cost, it will still cost you money.
2. Incident Response
Ransomware does not just appear on your network. You need to find out the root cause, what the attacker did on your network, and what data (if any) was taken. Backdoored users or systems that were not touched by the ransomware may still be on your network. If you don’t find them, the same attack will happen again in a few weeks.
Incident response (IR) companies can help you answer all these questions. They come into your organization, investigate the attack, and provide the help you need to contain and eradicate the incident and recover from it.
One tip: if you don’t have an internal IR team, get an IR retainer. If you have an incident, there will be someone available to help you 24x7x365.
3. Legal Counsel
When dealing with ransomware, legal counsel is essential. They will guide you through the minefield of reporting obligations, ensure that your communications are privileged so that opposing counsel cannot see them if you are sued, and advise you on whether paying the ransom is legal.
You also want to make sure that your internal legal team knows how to handle cyber incidents, or that you work with external counsel who has this experience. Organizations can expect to pay $250 to $700 per hour for external counsel, and most organizations can easily reach $75,000 in total expenses (even if the attack does not end up in a lawsuit).
4. Crisis Public Relations
Your organization may have a communications team, but has it ever dealt with a crisis? How will you notify your customers? What will you say? What do you tell employees? How do you control the flow of information?
If your team has never been through this situation, you will need a qualified crisis public relations firm to tell you what to do and how to do it.
5. Information Technology Support
Yes, you have an IT department, and it will be an important part of your ransomware response plan. However, you cannot recover from a ransomware attack over a weekend (at least not if you do it right). Recovering from a ransomware attack is a 24×7 operation that lasts for some time. If employees are expected to work long hours for days, weeks or months, they will burn out. Organizations may need to bring in additional help and expertise to rebuild things correctly and quickly.
Depending on the type of expertise required, the estimated cost of bringing in outside IT support is between US$200 and US$500 per hour.
6. Paying the Ransom
Every organization hit by ransomware must decide whether to pay the ransom. Sometimes it is the only way to get data back or prevent the leakage of highly sensitive data. I don’t recommend it, but (fortunately) the decision is not mine to make.
In any case, ransoms range from a few thousand dollars to two million to five million dollars. I hope you never have to pay, but if you do, you should also get a…
7. Ransomware negotiator
…ransomware negotiator. These organizations specialize in helping reduce the ransom amount, assisting with the purchase of cryptocurrency, and making sure your data is deleted (although attackers usually don’t delete your data completely). Do you need one? No. But having one can save you a lot of money.
Unfortunately, there are many other costs associated with ransomware attacks, such as hardware and software recovery costs, additional protection, lost productivity, litigation, customer loss, and ongoing monitoring. The good news is that with proper planning and preparation, many of these expenses can be reduced or eliminated.
Tyler Hudak is the Head of Incident Response Practice at TrustedSec. He has more than 20 years of practical experience in incident handling, malware analysis, computer forensics, and information security for multiple organizations. Tyler has worked in many…