Business Cost of Ransomware
Ransomware is on the rise everywhere and it’s costing UK businesses millions of pounds in disruption. A study by security software firm Malwarebytes revealed that almost 40% of businesses had experienced a ransomware attack in the last year. Of these victims, more than a third had lost revenue and 20% had to stop business completely.
Another survey suggests that a single ransomware attack can cost a small business as much as £75,000. But this is just the tip of the iceberg. We’ve mentioned the more nebulous costs of becoming victim to a cyber attack in our previous blog, so you know that cost of losing reputation and future business after an attack. You also run the risk of partial or complete loss of data. Even if you do agree to pay a ransom, the criminal is under no obligation to give back your data in the state you lost it in.
Why are ransomware attacks on the rise?
The reason ransomware attacks are on the increase is because it has never been easier to do and criminals can easily cover their tracks.
Fraudulent emails containing links or attachments for the unsuspecting users have become much more sophisticated. These are referred to as phishing emails, or whaling emails if they target big enterprises. Today, it isn’t dethroned princes with bad spelling emailing you, it’s credible companies, potential employees with promising CVs or even your own bank trying to get in touch. Today’s phishing emails are well targeted, professional looking and hard to spot, leading to more people opening them. But the really scary thing is that some cyber criminals don’t need you to open their phishing emails to gain access to your site.
Ransomware can spread through gaps in security systems or un-patched, outdated applications. New ransomware is coming out on an almost weekly basis, so anti-virus protections are hard pressed to keep up. Over time, the number of ways that ransomware infiltrates systems will grow and grow.
Another reason for the popularity of ransomware is the payoff for the criminals. Ransom money in times gone by could be tracked, whether in non-consecutive bills or digital transfer. Today’s cyber criminals prefer payment in Bitcoin. This digital currency makes it easy to anonymously collect payments.
A ransomware attack creates two hard choices for businesses: either spend hours or even days recovering locked files from backups, or pay the ransom. No matter which scenario they choose, the victim is going to face significant costs. 72% of infected business users could not access their data for at least two days following a ransomware outbreak, and 32% lost access for five days or more.
This troubling statistic does present a solution, however. If your business opts for the highest levels of backup, criminal ransomware attacks cannot affect you. They don’t have a leg to stand on if you can quickly access backups of all your systems.
Another thing to remember is that the cyber security industry is being forced to keep innovating in response to attacks. This means that keeping your anti-virus software and firewalls patched and up to date is more important than ever. Keep your defences strong and plug any holes early.
Finally, you need to address the traditional access method for ransomware: opening email attachments. As we mentioned, criminals are become much more subtle in their approaches. Educating your staff in cyber security is a vital first stage defence. In addition to having secure anti-virus that scans incoming attachments for viruses, teach your employees to be critical of incoming email attachments. If they are from a third party not related to your business, exercise caution. As a general rule, if you aren’t expecting an email with an attachment, do not open it.
Don’t be the one holding the bill
Ransomware is a big business these days and businesses of any size are at risk. The idea of Cyber-Crime-As-A-Service is a depressing and worrying trend right now, so it’s important to keep your defences strong. Educate your staff, backup more often than you are now and update your anti-virus on a regular basis. Defending yourself is the best way to avoid the cost of a ransomware attack.