The Cost of Ransomware

/in ,

The cyber criminals behind ransomware see their efforts as a volume business.  Charge too much, and victims will not pay. Targeting businesses and organizations in wealthier countries and in cities where people and businesses are most likely able to pay, the typical ransom is often about $500.  More recently, we have heard of ransoms between 1 and 2 bitcoin (about US$600 to US$1300).

The Ransom Payment is Only Part of the Cost

The cost of ransomware can vary significantly depending on several factors, including the size and type of the targeted organization, the extent of the attack, the data that is compromised, and the specific ransom demands. It is challenging to determine a typical cost as each incident is unique. However, the costs associated with a ransomware attack can include:

  1. Ransom Payment: The primary cost is often the ransom amount demanded by the attackers, which can range from a few hundred to millions of dollars.
  2. Recovery and Remediation: Organizations affected by ransomware must invest in forensic investigation, data recovery, system restoration, and strengthening their security infrastructure. These costs can include IT services, incident response teams, and cybersecurity consultants.
  3. Downtime and Productivity Loss: Ransomware attacks can result in significant disruption to business operations, leading to lost productivity, missed opportunities, and potential reputational damage.
  4. Legal and Regulatory Consequences: Organizations may incur legal fees and potential fines if the attack involves compromised customer data or violates data protection regulations.
  5. Reputational Damage: Ransomware attacks can erode customer trust and damage a company’s reputation, potentially leading to long-term financial consequences.

Every victim loses productivity from the start of the attack until it is fully resolved. Whether or not you pay, you still need to conduct a full sweep of all of your systems to ensure the ransomware has been removed. Otherwise, you risk reinfection.

Organization Who Pay the Ransomware Cost

For organizations respond and pay the ransom, they still suffer the time and cost of decrypting and validating files, a process that can consume days or weeks of IT resources. If you choose not to pay, you have the cost of recovering data from before the attacks and re-creating lost information across all of your servers, systems, and applications. We recently spoke with a company that lost less than 6 months of data. After three months, they are still working to recreate lost files and transactions as they have no way of knowing if they have missed any.

A ransomware attack can cost tens of thousands of dollars to clean up. Attacks may also damage valuable customer and vendor relationships and result in higher bookkeeping, accounting, and legal fees.

The Cost to Prevent a Ransomware Attack

The costs associated with cyber protection and prevention and the ability to recover quickly (should an attack breach your defenses) is relatively minor. The value of prevention and preparation is well worth the cost.

Organizations should invest in proactive cybersecurity measures to mitigate the risk and potential cost associated with ransomware attacks.

Learn more

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.

For a 1:1 consultation and assessment of your risk, contact us today.

Be Ready for Ransomware

/in ,

Ransomware continues to emerge as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber extortionists. When the malware runs, it locks victims’ files. The cyber criminals demand payment in return for the decryption key needed to release the files.  

You are probably well aware that ransomware is a hot topic in the news these days as attacks target all types and sizes of organizations. Small businesses are particularly vulnerable to attacks as ransomware is on the rise. Researchers identified more than 4 million samples of ransomware in Q2 of 2015, including 1.2 million new samples. That compares with fewer than 1.5 million total samples in Q3 of 2013 (400,000 new).

The rate of attacks is also on the rise. While Q1 2015 had a 165% increase in ransomware attacks from the prior quarter, the number of ransomware attacks in Q1 2016 was 300% greater than Q4 2015.

Cyber criminals distribute ransomware in a variety of ways. Protection is difficult because, just like the flu virus, ransomware constantly evolves. Between 14% and 17% of attacks in Q1 2016 were new variants, indicating that cyber criminals continue to be creative in finding new ways to do harm.

Over $325 Million was paid by businesses to recover their data in 2015. This number is expected to exceed $1.2 Billion in 2016. The real cost might be 3 times or 4 times these figures when the labor and lost productivity is added up.

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.

For a 1:1 consultation and assessment of your risk, contact us today.

 

3 Email Encryption Options for Google Apps

/in ,

Security KeyIn the Google Apps ecosystem, we see three primary players with integrated email encryption services.

  • ZixMail
    • A comprehensive message encryption service that includes user tagging of messages for encryption and heuristics and business rules to auto-encrypt. ZixMail also includes the ZixGateway of other ZixMail users, enabling automated end-to-end secure communications.
  • Google Apps Message Encryption (GAME)
    • A private-label of Zixmail run in Google’s data center. GAME uses the ZixMail encryption engine and services, matched to the email rules capability of Gmail.

 

  • Virtru
    • An encryption-in-place service that integrates with Google Apps which runs in the Chrome Browser, Outlook on Windows desktops, and on mobile devices. Virtru includes features such as forwarding blocks and email expirations. Data loss prevention rules for HIPAA compliance are available at an additional cost.

To learn more about these solutions in depth, read our new eBook: Email Encryption in Google Apps.

Email Encryption is Not Compliance

/in ,

Security Key
While providing a reasonable level of protection from inappropriate access to your data, the built-in encryption is not sufficient to meet information privacy regulations. Laws such as the Health Information Portability and Accountability Act (“HIPAA”), and industry regulations including the Personal Card Information (“PCI”) standards require more than data encryption.

Privacy laws and regulations typically include three components:

  1. Policies and procedures that, when followed, provide appropriate data protections
  2. A means to monitor compliance, with the ability to detect and mitigate potential violations of the policies and procedures
  3. A defined response and resolution procedure in the event of a breach

As explained in our eBook, Email Encryption in Google Apps, Technology can support the implementation of these three components, but does not offer a full solution on its own.

Contact us to assess your email encryption needs and to define an affordable solution.