New data shows it’s now clear the biggest problem with ransomware (just after taking down your operation) is all the necessary costs incurred trying to clean up the mess post-attack.
If your organization hasn’t been hit with ransomware, consider yourself lucky. Believe me when I say it’s not something the business wants to experience. According to Palo Alto Network’s security division, Unit42, their most recent Ransomware Threat Report 2021 details that the bad guys are no longer satisfied with a spray and pray approach to infiltrating the majority of a victim network. They are instead “[taking] their time to learn the victims and their networks, following a more traditional network penetration approach.”
According to the report, the ransom demands in 2020 reached nearly $850,000 with the average ransom paid nearly tripling in 2020 to $312,000 from 2019’s average of only $115,000.
In addition, Unit42 highlighted the additional forensics costs post-attack to help victim organizations come up with a response strategy and execution plan. The average forensics costs were $40,719 for small and mid-sized businesses and $207,875 for larger enterprises. This on top of whatever ransoms were paid.
We’ve also seen the overall cost double when ransoms aren’t paid. So, there’s no real good answer here except to completely avoid becoming a victim. RDP and Phishing attacks remain the most prevalent initial attack vectors for ransomware, putting Security Awareness Training at the top of the priority list as a means of shrinking the phishing attack threat surface.