It is well established that ransomware attacks on enterprises are the most costly. Attackers demand higher sums from corporations than they do from private users. Timico, cloud service provider, partnered up with Datto, business continuity solutions provider, in an initiative to analyze the behavioral patterns of ransomware infections.
Together, the two companies made a report titled The Grim Reality of Ransomware. The results from the report indicate that companies can lose much more than what the ransom amounts to.
Ransomware viruses have improved by a leap in terms of functionality and penetration capability. An aspect which seems to be overlooked is how long the encryption process takes from start to finish.
The report contains data from over a thousand cases of ransomware attacks on enterprises. The stats reveal that about 85% of the victims had their files kept offline for at least a week’s time. A third had their data remain inaccessible for a month or longer.
About 15% of the victims never got their data back. The worst case scenario is paying the ransom and not receiving the decryption key or tool. This is always a possibility when contacting ransomware.
While the cyber criminals can take their time processing your payment and decrypting your files, the infection can lock your machine rapidly. In 68% of the examined cases, the virus rendered the system useless within seconds or minutes. About 25% of the victims stated that the lockdown was in effect within seconds, while 18% reported that it took about a minute.
The collective cost of paying the ransom and recovering the consequential system damages
According to the report, “Nearly a quarter (23%) of respondents paid over £5,000 ($6,221) to retrieve their data and 26% paid a fee of between £3,000 – £5,000 ($3,732 – $6,221). Higher Ransomware fees in large corporates were reported, with a third of corporate businesses paying over £5,000 ($6,221) to recover data compared to just half that number of SMEs (15%). The highest number of SMEs (35%) paid between £500 ($622) and £1,500 ($1,866) ransom fee.”
While their systems were locked, the targeted companies were forced to halt their business activity. This resulted in accumulated losses from their revenue. Of the respondents, 53% estimated that this pause cost them between £1,000 ($1,245) and £2,000 ($2,490) per day.
Another conclusion can be drawn from the report, as Timico and Datto stated. The researchers found that businesses were unprepared for the threat of ransomware. Most companies did not have a policy regarding ransomware attacks. Employees were not instructed on whether and how to respond to the hackers and what to do when the attack occurs.
“It’s not just a case of the data loss and financial cost to the business. A ransomware attack can have a debilitating effect, with long-term consequences across the business, with the company even breaching terms of any regulatory bodies that the business holds themselves accountable to,” explained Nabeil Samara, Chief Digital Officer at Timico.