The latest attacks are costing organizations even more money to recover from ransomware. Will you be the next big victim?
With ransomware attacks hitting governments, hospitals and business small and large in 2018, there is no sign of a shortage of case studies for cyber security experts. One recent attack—which I’m sure you’ve heard about by now—has shown just how costly ransomware can be.
I don’t simply mean the cost of paying the ransom note! While some folks may think ‘pay the ransom and be done with it’ may be the easiest solution to re-mediating a ransomware attack, it’s simply not that simple. While ransom notes have gone up in costs in the last year—the current $50,000 price tag is not even the tip of the iceberg when it comes to costs associated with an attack.
In that big Samsam attack in late March on the city of Atlanta, Georgia I alluded to above, city officials are still figuring out how to cap its security spending. To-date, the city has shelled out over 3 MILLION dollars in contracts to recover from its devastating ransom attack on March 22, 2018. To-date, there is yet a comprehensive resolution to completely re-mediating the effects from the attack.
What types of costs could add up from a cyberattack?
I’ve gone through some of these costs before in a post on whether to consider getting cyber insurance, but some of the headliners are as follows:
Forensic work— probably the biggest sticker item in a ransom attack will be getting expert forensics analyses on where your network was breached and what information was touched. Forensics work may be especially important if your organization works in healthcare or any industry that stores sensitive information—of which you are responsible for. A good cyber forensics team will typically charge tens of thousands of dollars per workstation in need of forensics analysis. Why the large sticker price? There are only a handful of reputable teams out there, which makes their time really valuable. Expect shelling out top dollar to make sure you understand exactly what was breached in your cyberattack.
Response mitigation— another big ticket item when it comes to cyber-remediation is actually mitigating the ransomware infection on your network. This entails, scrubbing your network of the virus, restoring your network from backups, and making sure everything is running smoothly. This mitigation team may also need to prove that your network is completely rid of ransomware before vendors will sign on to continuing your support—that means EHR vendors, cloud vendors or other technical vendors that you acutely rely on. Other government agencies or compliance groups may also expect that you prove your network’s cleanliness before giving your organization a green light as well (that might mean to get referrals or business incentives).
Cyber consulting—as part of dealing with all of the nuts and bolts of a cyber breach or infection, you may resort to getting experts that have gone through the process of mitigating cyberattacks before. If you opt for hiring experienced consultants to mitigate your disaster, you might expect hefty bills at the end. Cyber consultants understand what to do when after a breach and may prove invaluable to recovering post-infection.
Compliance fines—in addition to all the other expenses, the government or other industry agencies may be looking to make sure you’ve learned your lesson in cyber hygiene by enforcing hefty fines. HIPAA, NCUA and PCI-DSS compliance are some of the big hitters in today’s cyber landscape when it comes to compliance groups. Expect hefty fines if you’ve seriously infracted your security compliance.
What’s wrong with just paying the ransom?
When Atlanta was going through its options for ransomware mitigation, the mayor suggested to just pay the ransom. While many—including the FBI—have issues with emboldening cybercriminals by paying ransoms, there are other very real data that suggest that paying the ransom may not help. Ransom payments don’t guarantee data recovery. In nearly 30% of cases, when businesses and organizations paid the full ransom note expecting their data restored, nothing happened. Criminals don’t always live up to their word. Should that be a surprise?
But even when a ransom is initially paid, that data may still be at risk.
Data exposure—if you store sensitive data on your network—billing info, social security numbers, tax returns, medical and insurance records—you are handing over that data if you ask the criminal ring ransoming your data to recover it.
You see, when your data gets encrypted, an autonomous virus swept through your network locking down files. You can’t make heads or tails of the data anymore and neither can they!
Giving them the data?—But when you download the key to decrypt the data, you are allowing their decryption tool to access every single file on your network (that tool is located somewhere on one of their servers). By giving them this carte blanche access, you essentially are giving them a window into every single file stored on your network. That means they might store that sensitive data to further exploit later on… Maybe to use on a rainy day when ransom attacks aren’t making them enough cash?
Your data may be doxxed?—doxxing might not be in all vocabularies yet, but it soon will be! In many cases—even after a ransom is paid to decrypt files—cybercriminals follow up with additional malicious tactics. One of which includes publishing sensitive data on the internet for all to see (and further exploit), also known as doxxing.
Are you ready for a 3 MILLION dollar mistake?
With costs in cyber security expected to rise through 2018, are you willing to neglect your network? Can you afford to shell over inordinate amounts of money to repay for simple mistakes and vulnerabilities on your network?
Not sure if your network can withstand the latest ransomware attacks? Contact us TODAY for a free cybersecurity assessment.
