Business & Technology
In the (relatively) brief history of computer crime, many kinds of attacks have, for one reason or another, become obsolete and faded from view. Ransomware, however, is only becoming more of a threat. Since the first known attack in 1989, damage from ransomware has continued to grow in scope and severity. No organization can afford to wait it out and hope for some painless universal solution. According to a Fortinet survey, 67% of businesses and organizations have been targeted by ransomware.
Ransomware began as more of an inconvenience than true impact to a given business -- a few computers locked here or there, with ransom maybe paid if something important wasn’t backed up. But ransomware gangs refined their techniques over time, researching their targets to pinpoint the greatest operational impacts: preventing the mission from being accomplished, whether that was making widgets, providing health services, or something else. More pain caused, bigger ransoms, more money.
Ransomware began as a crime of opportunity, with attackers almost randomly infecting vulnerable machines and seeking ransom – the shotgun approach. Things have changed.
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) has noted just a few of the ways ransomware has become more effective and costly:
Although overall ransomware remains a top concern, there are proactive measures organizations of almost any size can, and should take, to minimize the impact of a ransomware incident. Although there is a range of technical controls available to prevent, detect, and respond to ransomware, there are also process, practice, and awareness moves in addition that can position organizations to handle a ransomware attack much better. A partial list of these proactive measures includes:
Every business has different approaches to risk tolerance, security spending, and cost/benefit analysis, but some raw numbers can be helpful in putting ransomware into a business perspective. Two numbers in particular are useful: the average cost of recovering from an attack and the average ransom demand.
The average cost of a single ransomware incident was US$713,000 a few years ago.
The cost of just paying the ransom has been rising, reaching US$178,254 in 2020.
Just basic consideration of those raw numbers suggests that getting ready for ransomware – making response and recovery more efficient in addition to just preventative controls – could lead to a good return on the investment. It should be noted that the numbers above do not capture reputational damage, loss of customer confidence, and other costs that are difficult to quantify but are real.
Ransomware is obviously not going away any time soon, and will probably remain at peak levels as FortiGuard Labs research shows. Organizations that haven’t been hit yet can continue to ride their luck, or they can take a good look at where they stand and become a harder target. And on the other side of an attack, if the worst has indeed happened, recover as smoothly and thoroughly as possible.
To help navigate ransomware effectively, our Incident Readiness Subscription Service can help organizations with a rapid and effective response when an incident is detected and also help better prepare for an unforeseen cyber incident through readiness assessments, IR playbook development, and IR playbook testing (tabletop exercises).
Learn more about how Fortinet Security Fabric solutions protect the entire organization against ransomware attacks as well as from infection and spread.
Read more on threat research and protection from the FortiGuard Labs team: FortiGuard Labs Perspectives