SageSECURE, Managed Security Services

Paying a Ransomware Demand Could Cost More than You Think

February 2022

Security experts estimate that a ransomware attack occurred every 11 seconds in 2021. The increased frequency of attacks is leading more organizations to pay the ransom in hopes that they can regain access to their data quickly and minimize business disruption. Several recent studies suggest that paying is not an effective solution.

Only about 8 percent of organizations that pay a ransom get all their data back, according to a study conducted by research firm Vanson Bourne. On average, organizations that pay the ransom are only able to recover about two-thirds of their data, because the decryptor supplied by the attacker is slow or faulty, or because files are corrupted during encryption or recovery.

As the saying goes, “History repeats itself,” and ransomware is no different. Up to 80 percent of businesses that pay a ransom suffer a second ransomware attack, often at the hands of the same threat actor, according to an April 2021 study conducted by Censuswide. Paying reinforces the behavior: a victim that has paid once is a proven revenue stream, which makes it a probable target for the next campaign. Attackers will keep going to the well until the well is proven to be dry.

Paying the ransom also roughly doubles the total cost of recovery from a ransomware attack, according to a Vanson Bourne study. The average recovery cost for organizations that didn’t pay was more than $730,000, including downtime, operational costs, lost business and other expenses. Organizations that did pay still incurred all of those costs plus the ransom itself, for a total of more than $1.4 million on average, about 190 percent of the no-pay figure.

Penalties Possible, Too

Worse yet, paying could potentially expose the company to millions of dollars in fines and penalties. In October 2020, the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department issued an advisory warning of potential sanctions risks for ransomware payments. Because OFAC has designated many of the individuals and groups behind ransomware, including criminal organizations and state-backed actors, U.S. persons are generally prohibited from transacting with them, even when the organization is the victim of a crime.

The advisory notes that any entity that makes or facilitates a ransomware payment to a sanctioned party, including the victim’s insurer, negotiator or payment intermediary, could be subject to an enforcement action and fines that can run into the millions of dollars. OFAC applies civil penalties on a strict-liability basis, so a violation can occur even if the payer did not know the recipient was sanctioned. The advisory does list a timely, self-initiated report to law enforcement and ongoing cooperation as significant mitigating factors, so victims who involve law enforcement early are far less likely to face such penalties. Nevertheless, an OFAC enforcement action can result in significant legal costs and reputational risk.

Backups Critically Important

The best hedge against ransomware remains a comprehensive cybersecurity strategy and a robust data protection plan. Organizations should follow the “3-2-1” rule when it comes to backups: maintain three copies of data, on two different types of media, with one copy offsite or disconnected from the production network so that malware which reaches the network cannot reach it. Backups are only a hedge if they can actually be restored, so restore procedures should be tested regularly rather than assumed to work.

Another approach is to implement an immutable backup system: backup copies that ransomware running on the network cannot encrypt or delete, yet that remain available for rapid recovery when needed. At the file system level, administrators can set immutability flags, which are file system attributes (for example the +i attribute set with chattr on Linux ext4 or XFS) that prohibit any modification, rename or deletion of the flagged files. While the flag is set it overrides ordinary read and write permissions, so even an administrator account cannot alter or delete the data. The caveat is that the flag itself can be cleared by anyone holding root (on Linux, the CAP_LINUX_IMMUTABLE capability), so it protects against ransomware running as a normal user but not against an attacker who gains administrator control of the backup host. For that threat, the immutability must live in the storage layer, such as write-once (WORM) media or object-lock retention that cannot be shortened before it expires.
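The following script is an added example (not SageNet’s code or the tooling it describes) that shows on a Linux host what the immutable flag does and does not protect against. It assumes the e2fsprogs chattr utility, a filesystem that supports the flag (ext4 or XFS), and root privileges; the file name backup.tar is hypothetical. If the flag cannot be set in the current environment, the function reports that and returns 2 rather than failing.

```shell
#!/bin/sh
# Added example: Linux immutable flag (chattr +i) versus a root attacker.
# Assumes root, e2fsprogs (chattr) and an ext4/XFS filesystem.

immutability_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/backup.tar"            # hypothetical backup artifact
    printf 'backup data\n' > "$f"

    # Setting +i needs CAP_LINUX_IMMUTABLE (root) and a supporting filesystem;
    # tmpfs and unprivileged containers typically cannot do this.
    if ! chattr +i "$f" 2>/dev/null; then
        rm -rf "$dir"
        echo "cannot set immutable flag here (need root and ext4/XFS)"
        return 2
    fi

    # 1. With +i set, even root cannot overwrite, append to, or delete the file.
    #    Simulate the two things ransomware does: encrypt in place and delete.
    if sh -c "echo encrypted > '$f'" 2>/dev/null; then
        echo "FAIL: overwrite succeeded despite +i"
        chattr -i "$f"; rm -rf "$dir"; return 1
    fi
    if rm -f "$f" 2>/dev/null; then
        echo "FAIL: delete succeeded despite +i"
        rm -rf "$dir"; return 1
    fi
    if [ "$(cat "$f")" != "backup data" ]; then
        chattr -i "$f"; rm -rf "$dir"; return 1
    fi

    # 2. The caveat: the flag is only as strong as control over root. Anyone
    #    with CAP_LINUX_IMMUTABLE clears it and the same overwrite succeeds.
    chattr -i "$f" || { rm -rf "$dir"; return 1; }
    if ! sh -c "echo encrypted > '$f'" 2>/dev/null; then
        echo "FAIL: overwrite still blocked after clearing +i"
        rm -rf "$dir"; return 1
    fi

    rm -rf "$dir"
    echo "+i blocked overwrite and delete, but root cleared it and then overwrote the file"
    return 0
}

immutability_demo
```

Run it as root on an ext4 or XFS path. The first phase shows the protection the article describes: while the flag is set, the overwrite and the delete both fail with “Operation not permitted” even for root. The second phase is the point to remember when designing a backup tier: one chattr -i from a compromised root account removes that protection, which is why the immutable copy should sit on storage the production hosts cannot administer.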

Proactive Prevention

Let’s face it. Users will click on bad links, and the malware that follows will attempt to exploit vulnerabilities or misconfigurations in the IT environment. In addition to security awareness training, organizations need to implement technology and business processes that proactively protect the environment and mitigate risk.

Endpoint detection and response (EDR) technology is an effective control against ransomware and other modern threats. An EDR agent that watches process behavior on the endpoint and responds at machine speed, for example by killing a process that begins mass-encrypting files or isolating the host from the network, can contain an infection before it spreads; the AI and machine learning models behind that detection, together with autonomous rollback and recovery capabilities, are what make it a step change from signature-based antivirus. Implementing EDR, backed by Managed Detection & Response (MDR) so that alerts are investigated around the clock, enables a more mature security program, mitigates risk, and may even lower cyber insurance premiums.

Ransomware attacks continue to increase in frequency as cybercriminals hope for an easy payday from victims. However, paying the ransom increases the cost of recovery, and potential federal penalties only add to the risk. Let SageNet help you develop an effective cybersecurity and data protection plan so that you don’t have to negotiate with criminals.

Ben Doane

Director of Cybersecurity Business Development

Today, a corporation’s footprint is beyond the walls of the office – we live in a mobile digital world. You have to think how you are securing your endpoints and all corporate data as employees work from anywhere. It’s critically important to be secure online and leverage strategic partnerships so that you have the people, technology and processes in place to minimize your risk.