Average cost of ransomware triples and threatens companies in all market segments

One of the main reasons why ransomware keeps growing is simple: it works. All a criminal needs to get into a corporate network and carry out an attack is one user with a weak password, or one slip that launches a malicious email attachment.

Another reason is that extortion has become a highly lucrative business. The average ransom paid by victim organizations in Europe, the United States and Canada almost tripled in 2020, reaching US$312,493. With the spread of double extortion tactics, in which the attackers also steal data and threaten to publish it, this figure continues to grow, according to statistics gathered by researchers.

In Brazil, a ransomware attack costs companies that choose to pay the ransom an average of US$570,000 (about R$2.8 million). When the total impact of this type of attack is considered, the figure is even higher: US$800,000, approximately R$4 million, according to the studies. Losses take into account the downtime of IT environments, restoring from backups and hiring remediation specialists, among other costs.

Companies held hostage

Ransomware is no longer a threat that only affects large companies. Supply chains are also being targeted, including cases in which national security was put at risk, in Brazil and in other countries.

In 2021, for example, the Colonial Pipeline attack disrupted the flow of fuel to the East Coast of the United States. The company faced operational chaos, and customers had to deal with fuel shortages and price hikes.

More recently, there was the attack on the software company Kaseya, considered one of the most daring so far by ransomware gangs: it compromised a remote monitoring and management product that managed service providers and IT administrators use to control the networks they look after, so a single intrusion reached many victims downstream.

The attack affected around 1,500 companies at once, and the attackers demanded 70 million dollars for a universal decryption key.

Ransomware has become a major problem and is likely to continue impacting companies and governments for years to come. So how can you defend yourself?

Simply put: ransomware can ruin your business. Being locked out of your own files by malware for just one day will hit your revenue. But given that ransomware takes most victims offline for at least a week, and sometimes months, the losses can be significant. Systems stay offline for so long not just because the ransomware blocks them, but because of all the work needed to clean up and rebuild the network.

Double extortion has become so common among ransomware gangs because it works: many organizations unfortunately give in to ransom demands as cybercriminals become more persistent and aggressive. Tracking down who is responsible is still not easy. There are criminals who act alone, organized groups, and some that are even sponsored by states and governments.

For organizations, the best way to avoid having to decide whether to pay cybercriminals is to have a network secure enough to prevent the intrusion in the first place. Most of the time, ransomware gets in through human error, such as easily guessable passwords and clicking on suspicious links, and through outdated operating systems and software.

Cybersecurity procedures that prevent network infiltration include applying security patches promptly and keeping programs and systems up to date. These measures alone close many of the doors an attacker could exploit.

In addition, many ransomware attacks begin with attackers exploiting insecure internet-facing services, particularly Remote Desktop Protocol (RDP). An organization should therefore ensure that no such port is exposed to the internet unless it is essential, and that anything which must be reachable is restricted to known source addresses.

But if remote access ports are necessary, make sure that the accounts able to log in have strong, unique passwords. Applying two-factor authentication to these accounts is a further barrier: a stolen or guessed password alone is no longer enough to log in, and an unexpected second-factor prompt can alert the account owner that someone is trying to get in. This reduces the chances of an account being breached and a criminal moving laterally through the network.
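As an added illustration of the check behind that advice (example code, not from the article or the survey it cites): a short Python audit over a constructed list of inbound firewall rules, in a simplified security-group-like shape (protocol, port range, source CIDR) that is an assumption of this example. It flags remote-administration ports reachable from the whole internet, while ignoring rules whose source is a private range. The port list and the "/8 or wider counts as the internet" threshold are also assumptions; adjust them to your environment.

```python
"""Audit inbound firewall rules for remote-admin ports exposed to the internet.

Added example, not code from the article. The rule format is a hypothetical,
simplified cloud security-group shape: {"name", "protocol", "from_port",
"to_port", "source"}; protocol "-1" or "all" means every protocol.
"""
import ipaddress

# TCP services that ransomware operators commonly use for initial access.
# This list is an assumption of the example; extend it for your environment.
REMOTE_ADMIN_PORTS = {
    22: "SSH",
    23: "Telnet",
    445: "SMB",
    3389: "RDP",
    5900: "VNC",
    5985: "WinRM (HTTP)",
    5986: "WinRM (HTTPS)",
}

# A public source range at least this wide is treated as "the internet"
# for audit purposes (IPv4 /8 = 16 million addresses). Threshold is an assumption.
BROAD_PREFIX_LEN = {4: 8, 6: 32}


def is_broad_source(cidr: str) -> bool:
    """True if the source CIDR is any-address (0.0.0.0/0, ::/0) or a wide public range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return True  # 0.0.0.0/0 or ::/0: literally the whole internet
    # Private ranges (10.0.0.0/8, fc00::/7, ...) are internal, not internet exposure.
    return not net.is_private and net.prefixlen <= BROAD_PREFIX_LEN[net.version]


def audit_rules(rules):
    """Return one finding per (rule, admin port) pair that is open to a broad source."""
    findings = []
    for rule in rules:
        proto = str(rule.get("protocol", "tcp")).lower()
        if proto not in ("tcp", "-1", "all"):
            continue  # every service in REMOTE_ADMIN_PORTS is TCP
        if not is_broad_source(rule["source"]):
            continue
        if proto in ("-1", "all"):
            lo, hi = 0, 65535  # "all protocols" rules ignore the port fields
        else:
            lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 65535))
        for port, service in REMOTE_ADMIN_PORTS.items():
            if lo <= port <= hi:
                findings.append({
                    "rule": rule.get("name", "<unnamed>"),
                    "port": port,
                    "service": service,
                    "source": rule["source"],
                })
    return findings


# Constructed sample rules for the example (not real infrastructure).
SAMPLE_RULES = [
    {"name": "web", "protocol": "tcp", "from_port": 443, "to_port": 443, "source": "0.0.0.0/0"},
    {"name": "rdp-world", "protocol": "tcp", "from_port": 3389, "to_port": 3389, "source": "0.0.0.0/0"},
    {"name": "ssh-office", "protocol": "tcp", "from_port": 22, "to_port": 22, "source": "203.0.113.0/24"},
    {"name": "dns", "protocol": "udp", "from_port": 53, "to_port": 53, "source": "0.0.0.0/0"},
    {"name": "legacy-any", "protocol": "-1", "from_port": 0, "to_port": 0, "source": "::/0"},
    {"name": "smb-internal", "protocol": "tcp", "from_port": 0, "to_port": 1024, "source": "10.0.0.0/8"},
]


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"rule {f['rule']!r}: {f['service']} (tcp/{f['port']}) open to {f['source']}; "
              "remove the rule, restrict the source, or put the service behind a gateway "
              "with strong passwords and two-factor authentication")
```

On the sample data the audit reports the world-open RDP rule and every admin port behind the "all protocols from ::/0" rule, and stays quiet about the office-only SSH rule and the SMB rule that is reachable only from private address space. Exported security-group or firewall rules from a real environment can be fed in the same shape.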

However, none of this will have any effect if the company doesn't maintain a dialog with employees about how to spot attacks and put digital security policies into practice. Even if people are generally able to pick up on the small signs of a scam, such as poor email formatting or suspicious sender addresses posing as well-known brands, the discussion goes beyond routine checks. We need to foster a culture of cybersecurity, so that everything that is shared, developed and posted is backed by a protective mindset and better-prepared eyes.

The data is from The IT Security Team: 2021 and Beyond survey, carried out by the British consultancy Vanson Bourne. The survey interviewed 5,400 IT decision-makers from mid-sized organizations in 30 countries; in Brazil, 200 companies were interviewed.