The golden rule when it comes to ransomware is to never pay your attackers.
The FBI cautions against it, we’ve warned you not to do it and in general there’s no guarantee that your attackers will release all your data back to you after you pay anyway.
Unfortunately, for many organizations there isn’t much of a choice. Whether due to a lack of backup, a backup which was also infected or unfamiliarity with cybersecurity best practices, many businesses see no other option than to pay.
Let’s take a look at how much ransomware cost businesses last year and what you can do to protect your organization.
The Average Cost
According to a recent report commissioned by ransomware incident response firm Coveware, victims of ransomware paid an average of $6,733 during the fourth quarter of 2018 to free their data. This was itself an increase of 13% from the third quarter of 2018.
This increase is likely due to the introduction of the SamSam and Ryuk ransomware strains at the end of the year, which demanded higher than average payments.
Looking at the chart below you can see the peaks of demanded ransomware payments, with the red representing the mean.
As you can see, at certain points of the year the average ransomware payment reached almost $15,000 dollars, an incredibly high sum that would leave many SMBs in the red.
So, where did these attacks come from?
For the organizations that were capable of tracking the source of their ransomware infections, they found that the following attack avenues were most common:
- 85% from Remote Desktop Protocol (RDP)
- 14% from phishing
- 2% due to another form of social engineering
What to Do
As we previously mentioned, ideally you do not want to pay to have ransomware removed from your devices.
Along with their being no guarantee that cyber criminals might just refuse to unlock your data even after payments have been made (or decide they’d like even more money), there is the possibility that technological mistakes may have made it impossible to restore your system anyway. You could be paying for nothing.
To make matters worse, these criminals are increasingly targeting backups first. Modern, increasingly sophisticated ransomware not only locks up your system but also any networks your devices are connected to. This includes cloud storage and servers.
Therefore, being connected to your sole backup source 100% of the time can be a recipe for disaster. For example, in the same Coveware study it’s noted that 75% of ransomware victims who paid their ransom also lost access to their backups.
This might make it feel like an impossible scenario. Ransomware is becoming smarter while ransom costs are increasing.
Despite all this, your best option is still not paying the ransom and relying on a disconnected backup that’s safe from attackers.
To craft this solution, work with your IT team to take a tiered approach to backups, ensure your backup is not connected 24/7 to your system, and reach out to experts who can help you close these gaps in your system, train your staff on how to avoid these attacks and help install a culture of cybersecurity.
