Cloud Storage & Cloud Backup

The True Cost of Ransomware

by // Leave a comment

The True Cost of Ransomware - Backblaze

Today, cybercriminals demand ransoms on the order of hundreds of thousands or even millions of dollars. 2021 saw the highest ransom ever demanded hit $70 million in the REvil attack on Kaseya. But the ransoms themselves are just a portion, and often a small portion, of the overall cost of ransomware.

Big ransoms like the one above may make headlines, but a huge majority of attacks are carried out against small and medium-sized businesses (SMBs) and organizations—security consultant Coveware reported that they comprise 70% of all ransomware attacks. And the cost of recoveries can be staggering. In this post, we’re taking a look at the true cost of ransomware and the drivers of those costs.

This post is a part of our ongoing series on ransomware. Take a look at our other posts for more information on how businesses can defend themselves against a ransomware attack, and more.

➔ Download The Complete Guide to Ransomware E-book

Ransoms Are the First Item on the Bill

The Sophos State of Ransomware 2021 report, a survey of 5,400 IT decision makers in mid-sized organizations in 30 countries, found the average ransom payment was $170,404 in 2020. However, the spectrum of ransom payments was wide. The most common payment was $10,000 (paid by 20 respondents), with the highest payment a massive $3.2 million (paid by two respondents). In their own reporting, Coveware found that the average ransom payment was $136,576 in Q2 2021, but that number fluctuates quarter to quarter.

Ransom Payments By Quarter chart
Source: Coveware.

Yet another source, Palo Alto Networks, recently reported that the average ransom payment hit $570,000—82% higher than 2020’s average of $312,000. Predictions from Cybersecurity Ventures paint an even bleaker picture, putting worldwide ransomware damages in the tens of billions of dollars by the end of 2021.

Though the numbers vary, the data show that ransoms are not just pocket change for SMBs any way you slice it.

But, Ransoms Are Far From the Only Cost

The true costs of ransomware recovery soar into the millions with the added complication of being much harder to quantify. According to Sophos, the average bill for recovering from a ransomware attack, including downtime, people hours, device costs, network costs, lost opportunities, ransom paid, etc. was $1.85 million in 2021. The cost of recovery comes from a wide range of factors, including:

  • Downtime.
  • People hours.
  • Stronger cybersecurity protections.
  • Repeat attacks.
  • Higher insurance premiums.
  • Legal defense and settlements.
  • Lost reputation.
  • Lost business.

Downtime

The downtime resulting from ransomware can be incredibly disruptive, and not just for the companies themselves. The Colonial Pipeline attack shut down gasoline service to almost half of the East Coast for six days. An attack on a Vermont health center had hospitals turning away patients. And an attack on Baltimore County Public Schools forced more than 100,000 students to miss classes. According to Coveware, the average downtime in Q2 2021 amounted to over three weeks (23 days). This time should be factored in when calculating the true cost of ransomware.

People Hours

While Colonial restored service after six days, CEO Joseph Blount testified before Congress more than a month after the attack that recovery was still ongoing. For a small business, most, if not all, of the company’s efforts will be directed toward recovery for a period of time. Obviously, the IT team will be focused on getting systems back up and running, but other areas of the business will be monopolized as well. Marketing and communications teams will be tasked with crisis communications. The finance team will be brought into ransom negotiations. Human resources will be fielding employee questions and concerns. Calculating the total hours spent on recovery may not be possible, but it’s a factor to consider in planning.

Stronger Cybersecurity Protections

A company that’s been attacked by ransomware will likely allocate more budget to avoid the same fate in the future, and rightfully so. Moreover, the increase in attacks and subsequent tightening of requirements from insurance providers means that more companies will be forced to bring systems up to speed in order to maintain coverage.

man working on a laptop with a ransomware demand message

Repeat Attacks

One of the cruel realities of being attacked by ransomware is that it makes businesses a target for repeat attacks. Unsurprisingly, hackers don’t always keep their promises when companies pay ransoms. In fact, paying ransoms lets cybercriminals know you’re an easy mark. This behavior used to be rare, but has become more common in 2021. We’ve seen reports of repeat attacks, either because companies already demonstrated willingness to pay or because the vulnerability that allowed hackers access to systems remained susceptible to exploitation. More ransomware operators have been exfiltrating additional data during the recovery period, and copycat operators have been exploiting vulnerabilities that go unaddressed even for a few days. Some companies ended up paying a second time.

Higher Insurance Premiums

As more and more companies file claims for ransomware attacks and recoveries, insurers are increasing premiums. The damages their customers are incurring are beginning to exceed estimates, forcing premiums to rise.

Legal Defense and Settlements

When attacks affect consumers or customers, victims can expect to hear from the lawyers. The Washington Post reported that Scripps Health, a San Diego hospital system, was hit with multiple class-action lawsuits after a ransomware attack in April. And big box stores like Target and Home Depot both paid settlements in the tens of millions of dollars following breaches. Even if your information security practices would hold up in court, the article explains that for most companies, it’s cheaper to settle than to suffer a protracted legal battle.

Lost Reputation and Lost Business

Thanks to the Colonial attack, ransomware is getting more coverage in the mainstream media. Hopefully this increased attention helps to discourage ransomware operators (they’re not in it for the fame, and it’s never a good day for cybercriminals when the president of the United States gets involved). But, that means companies are likely to be under more scrutiny if they happen to fall victim to an attack, jeopardizing their reputation and ability to develop business. And when companies lose their customers’ trust, they lose money.

lock over an image of a woman working on a computer

What You Can Do About It: Defending Against Ransomware

The business of ransomware is booming with no signs of slowing down, and the cost of recovery is enough to put some ill-prepared companies out of business. If it feels like the cost of a ransomware recovery is out of reach, that’s all the more reason to invest in harder security protocols and business continuity planning sooner rather than later.

For more information on the ransomware economy, the threat SMBs are facing, and steps you can take to protect your business, download The Complete Guide to Ransomware.

print

About

Molly Clancy is a content writer who specializes in explaining tech concepts in an easy, approachable way. With more than 15 years of experience, she has a broad background in industries ranging from B2B tech to engineering to luxury travel. A deep curiosity drives her repeated success explaining what terms like OS kernel and preflight request mean so that anyone can understand them.

Recent Posts You Might Find of Interest

A decorative image showing icons representing drives and storage options superimposed on a cloud. A title reads: Object Storage for Media Workflows

Object Storage for Film, Video, and Content Creation

A decorative images showing two phones and a laptop flowing data into a NAS device and then a storage cloud.

A Tale of Two NAS Setups, Part One: Easy Off-Site Backups

A decorative image showing a cloud with three dollar signs and the word "Egress", three CDN nodes, and a series of 0s and 1s representing data.

CDN Bandwidth Fees: What You Need to Know

A decorative image showing icons of a NAS device, a video with a superimposed play button, and a cloud with the Backblaze logo.

Virtual vs. Remote vs. Hybrid Production

A decorative image displaying the article title 2022 Annual Report Drive Stats SSD Edition.

The SSD Edition: 2022 Drive Stats Review

Work Smarter With Backblaze and Quantum H4000 Essential

A decorative image that features the Backblaze logo and the CDN Alliance logo.

Backblaze Joins the CDN Alliance

A decorative image with the Backblaze logo in the cloud.

Extended Maintenance Window for US West Data Center

How to Connect Your QNAP NAS to Backblaze B2 Cloud Storage

CISO’s Guide to Ransomware

CDN Comparison: Bunny.net vs. Cloudfront

AWS CloudFront vs. bunny.net: How Do the CDNs Compare?

Go Wild with Wildcards in the Backblaze B2 Command Line Tool 3.7.1

Top