They say misery loves company, so victims of ransomware attacks can take some comfort in the fact that they are far from alone in experiencing their pain. A survey of 200 IT decision-makers whose organizations experienced a ransomware attack between 2019 and 2021 finds that the total financial cost of these attacks averaged more than $400,000, with an average of 44% of an organization’s data being impacted.
Conducted by Cloudian, a provider of an object storage system for on-premises IT environments, the report notes more than half of survey respondents (55%) admitted to paying ransom to regain access to their data. The average ransom payment was $223,000, with 14% of respondents paying more than $500,000. Despite paying the ransom, only 57% of respondents recovered all their data.
Additional costs stemming from these attacks averaged $183,000. The average downtime across respondents was just over three days, with 10% being down for more than a week. Unfortunately, the report finds cyber insurance covered only about 60% of the ransom payment and these other costs. In fact, 88% of respondents that did have cyber insurance said their rates increased by an average of 25% after the attack.
More than half of respondents (56%) said cybercriminals were able to take control of their data and demand ransom within just 12 hours, with another 30% reporting it happened within 24 hours. Phishing attacks accounted for just under a quarter of ransomware attacks (24%) despite the fact that 65% of the respondents who fell victim to these attacks had provided employees with anti-phishing training. In the case of phishing-led attacks, 76% of victims stated that the attackers took control within 12 hours. Public cloud services, meanwhile, accounted for 31% of attacks.
Just under half (49%) of all respondents also noted they had perimeter defenses in place prior to being attacked.
Resistance to paying ransoms is starting to stiffen in the wake of a series of high-profile attacks. There is also a growing debate over whether to make paying ransom illegal. The Biden administration has also signaled its willingness to go after the cybercriminals that perpetrate these crimes. Of course, most of them are beyond the reach of U.S. law enforcement agencies.
Most cybercriminals rationalize their actions as a form of retribution against the U.S. for grievances that, in their eyes, limited economic opportunities in their own countries. Pirates have historically made the same types of claims. The trouble is that countries typically commission privateers to go after pirates. It may not be too long before entities operating outside the bounds of any government restraint launch counterattacks. Worse yet, patriots may determine that if businesses in the U.S. are being attacked, then businesses in other countries are fair game. It’s easy to see how ransomware attacks might soon spiral out of control.
Hopefully, cooler heads will prevail once everyone realizes there is a ransomware brink coming. In the meantime, however, savvy cybersecurity professionals should assume things may get a lot worse before they might one day get better.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.