The Cost of Ransomware vs. Additional Backups for Recovery

This piece examines the potential or estimated cost of a ransomware attack and weighs that against the option of adding a tertiary backup to the cloud as a means for ransomware recovery or response.

Typical Ransomware Costs

Reports from the last two years relating directly to ransomware costs and impact surfaced the following findings:

• PurpleSec noted the average cost of a ransomware attack was $133,000 in early 2019, which includes the cost of the ransom, downtime, and remediation.
• FinTech News reported the average ransomware payment rose 33 percent from Q4 2019 to Q1 2020, to reach $111,605.
• In late 2020, Coveware reported average ransom payments were up $233,817 (median payments were over $110,000). This number decreased in Q4 2020 because fewer organizations paid extortion demands (average payments were $154,108).
• The Sophos State of Ransomware 2020 report found:
  • The average total cost of a ransomware attack for organizations that paid the ransom is almost $1.4 million, but the average cost for organizations that didn't give in to ransom demands is roughly half that figure, coming in at $732,000. The primary reasons for the higher costs of paying include ransom costs plus recovery costs, being targeted again as a willing payer, and experiencing issues with decryption keys.
  • Fully 84 percent of companies surveyed had cybersecurity insurance, but 36 percent of these policies did not cover ransomware attacks.
  • The private sector is compromised and targeted more than the public sector.
• Cybersecurity Ventures predicts ransomware costs will reach $20 billion globally by 2021. It also predicts there will be a ransomware attack on a business every 11 seconds by 2021. No costs per attack are predicted, however.
  

Industries Affected by Ransomware

The Sophos report shows ransomware trends by way industries most affected. (see Figure 1).

Those findings demonstrate that all organizations are potentially susceptible, but the entertainment, technology and energy sectors are those most targeted.

Since most ransomware is paid by cryptocurrency, examining the payments to suspicious/noted ransomware cryptocurrency addresses are useful as well. In the Chainalysis Crypto Crime Report from early 2021, blockchain analysis shows the total amount paid by ransomware victims increased by 311 percent from 2019-2020, to reach nearly $350 million worth of cryptocurrency payments (see Figure 2).

Tertiary Backup to the Cloud

A tertiary backup scenario that replicates critical data to an offsite (usually cloud-based) data storage service may be a good insurance policy against ransomware attacks. There are several considerations if your organization is looking to add a tertiary backup, which can include, but are not limited to: 

• Term length: Most tertiary/auxiliary backups have between 30 and 90 days of total retention time.
• Performance: These backups should be carefully orchestrated to perform backups on a daily schedule and avoid any “continually open” network ports or services that could be exposed to a ransomware attacker.
• Include only immediately sensitive or valuable data. We suggest being highly selective about what data is replicated. Alignment with business continuity and recovery efforts are recommended.

Tertiary Backup Considerations 

A tertiary backup to the cloud could make sense depending on your organization and its risk tolerance. 

However, pinpointing a wholly accurate average cost of ransomware impact is difficult. We suggest taking the following considerations into account when mulling over the option of a tertiary backup:

• The cost of ransomware varies, and although this may skew to the lower end of the scale for most organizations and a smaller number of very high ransom demands impact the average, the true cost has the potential to impact the business from a security and financial standpoint.
• Paying the ransom can increases costs due to a wide variety of external factors, which may include, but are not limited to, how much consulting and other additional resources required.
• The ransomware problem is getting worse. A wide variety of industries are impacted by ransomware, the number and severity of attacks is expected to increase, and trends in cryptocurrency payments seem to show a higher propensity to pay ransoms.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.