Check Point Research (CPR) has published new data on the impact of ransomware attacks after analyzing the Conti group leaks and several data sets on victims. Note that paying the ransom is only a small component of the real cost of such an attack; the total cost is estimated to be 7 times higher.
Among the damage suffered, it is worth noting that cybercriminals demand an amount proportional to the victim’s annual revenue, between 0.7% and 5% of it. In addition, in 2021 the average duration of an attack fell from 15 days to 9 days. Check Point Research also found that ransomware groups follow basic rules to negotiate successfully with victims, which shape the process and dynamics of the transaction.
In recent years, ransomware has clearly become the most damaging type of cyberattack that businesses face. Beyond disrupting day-to-day processes and halting business operations, it can have a huge financial impact. In its most visible form, criminal gangs demand a ransom payment that can run into millions of dollars. This research examined the additional hidden costs incurred both during and after such attacks. The long-term losses suffered by victims are far greater than most would assume.
Ransomware attacks are now the most lucrative type of cybercrime, allowing criminal gangs to make huge profits. Over the years, cybercriminals have refined the way they set extortion demands and have developed sophisticated negotiation techniques, with the goal of extracting the highest ransom the organization can afford. To show both sides of the picture, the victims’ and the criminals’, Check Point Research drew on the following sources of monetary data for this research:
- Victim losses: Kovrr’s cyber incident database includes data on past cyber incidents and their financial impact.
- Cybercriminals’ profits: data from the Conti Leaks, used as a representative example of the monetary dynamics on the attackers’ side.
- Collateral cost: the ransom paid is only a small component of the price of a ransomware attack for the victim. Researchers estimate that the total impact is 7 times greater than the amount paid to the cybercriminals, and is made up of incident response and recovery costs, legal fees, and monitoring payments.
- Size of the demand: the ransom amount depends on the company’s annual revenue and ranges from 0.7% to 5% of it. The higher the victim’s annual revenue, the lower the percentage demanded, since a smaller share of a larger revenue already represents a higher dollar figure.
- Attack duration: the length of time a victim is affected by such an attack fell significantly in 2021, from 15 to 9 days.
- Negotiation rules: ransomware groups have well-defined ground rules to ensure a successful negotiation with victims, which influence the process and dynamics of the transaction:
  - An accurate estimate of the victim’s financial position.
  - The quality of the data exfiltrated from the affected party.
  - The reputation of the ransomware group.
  - The existence of cyber insurance.
  - The approach and interests of those who negotiate with the victims.
“In this investigation, we have provided an in-depth analysis from the perspectives of both the attackers and the victims of ransomware. The key learning is that the ransom paid, which is the figure most research deals with, is not the decisive amount in its ecosystem. Both cybercriminals and those affected have many other aspects and related financial considerations. It is striking how systematic these cybercriminals are in defining the amount of the ransom and in the negotiation. Nothing is accidental and everything is defined and planned according to the factors that we have described. It should be noted that, for companies, the ‘collateral cost’ is 7 times greater than the ransom they pay. Our advice is that it is essential to build adequate cyber defenses in advance; in particular, a well-defined response plan can save organizations a lot of money,” warns Eusebio Nieva, technical director of Check Point Software for Spain and Portugal.
How to protect yourself from ransomware
- Have a robust data backup: The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this only works if the target actually loses control of its own information. Having strong and secure data backups, kept offline or otherwise out of reach of an attacker who already controls the network and regularly tested by restoring from them, is an effective way to mitigate the impact of such a threat.
- Cybersecurity training: Phishing emails are one of the most common ways this malware is spread. By tricking a user into clicking on a link or opening a harmful attachment, cybercriminals gain access to the user’s computer and begin installing and running the ransomware on it. Regular cybersecurity training is crucial to protecting the organization.
- Strong and secure user authentication: Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical components of a company’s cybersecurity strategy.
- Updated patches: keeping computer systems up to date and applying security patches, especially those rated critical, can help limit an entity’s exposure to ransomware attacks.
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and TechCrunch.