The True Cost of Ransomware

Ransomware attacks have become one of the most serious threats to global cybersecurity, with enterprises facing damage to both property and brand recognition.

The Threats of Ransomware

Ransomware is defined by its stealth, destruction, and difficult data recovery features, impacting the efficiency of enterprises’ defense and response.

Stealth

The ability of malware to remain hidden and undetected allows it to gain access through storage media, phishing emails, website Trojan horses, and security vulnerabilities. It does not attack or demand a ransom until it has control of high privileges and critical data. Further, hackers using cryptocurrencies like Bitcoin as an encrypted payment link that is near-impossible to trace.

Destruction

It is reported that the global losses caused by ransomware attacks in 2021 reached $20 billion, 61 times the $325 million recorded in 2015. Ransomware not only causes losses from ransom, but also the collateral damage caused by downtime, a negative impact on brand image, and an increase in labor costs.

Recovery hurdles

A ransomware attack can encrypt or delete data copies in both local and disaster recovery (DR) centers, affecting recovery efforts and causing data leaks. It is reported that it takes on average 16 days to recover data, at a total cost of $1.85 million in 2021, up from $761,000 in 2020.

Recent Major Ransomware Attacks

The consulting firm Cybersecurity Ventures predicts that by 2031, there will be one organization being attacked by ransomware every 2 seconds, an extraordinary increase from the 11 seconds averaged in 2021. Here, we take a look at three major ransomware attacks that have caused havoc in organizations across the globe.

Highest ransom to date: US insurance giant pays $40 million ransom

In March 2021, CNA Financial, one of the largest insurance companies in the United States, was the target of a ransomware attack from the Phoenix group, which encrypted 15,000 devices and caused downtime of CNA’s network for three days. To protect the confidentiality of customer data from being leaked, CNA paid $40 million to retrieve the data, the highest ransom ever paid in history for one single event.

Far-reaching impacts: US’s largest fuel pipeline provider shuts down fuel supply in Eastern America

In May 2021, Colonial Pipeline, the largest fuel pipeline provider in the United States, was forced to shut down its oil transport network in the eastern United States after being hit by the DarkSide cybercriminal hacking group. Colonial Pipeline operates large-scale pipelines of refined gas, supplying 45% of fuel in the eastern United States. Its impact caused the company to halt its pipeline operations, forcing 17 states and Washington, D.C. to enter a state of emergency. The company eventually paid bitcoins equivalent to $4.4 million in exchange for the hacked files, and needed 11 days to restore its full capacity. The event depleted 87% of gas stations in Washington, D.C. and inflated gas prices to their highest levels in seven years, leading to panic buying. On June 8, the U.S. Congress held a hearing on the extortion and offered a reward of $10 million on the key members of the criminal organization.

Extortion attempts on government: Costa Rica declared a national emergency

The most notorious ransomware attack of 2022 was the virus Conti that crippled the Ministry of Finance in Costa Rica. Here, hackers stole huge quantities of government data in April 2022, crippling many essential services (international trade, custom and tax) and plunging the government into chaos. Despite the President of Costa Rica declaring a national emergency in response, a second wave of ransomware attacks occurred on May 31, forcing the national government systems to go offline, after which essential services for citizens malfunctioned, and appointments, treatments, and countless surgeries had to be cancelled across the country.

Next Volume: The Trend of Ransomware

———————————-