[BreachExchange] Ransomware: It’s Not Just the Ransom, There are Hidden Expenses As Well…

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jun 5 19:11:45 EDT 2018


https://hackercombat.com/ransomware-its-not-just-the-ransom-there-are-hidden-expenses-as-well/

Ransomware strikes are on the rise, all over the world. Today, even laymen
know what ransomware is. That ransomware strikes could cause all files and
data to be encrypted and that you’d need to pay a ransom (in
cryptocurrencies) to get them decrypted is known to all. But, it’s not just
the ransom that makes ransomware strikes so dear. The ransom, in fact, is
just a tiny portion of the total costs involved. There are other hidden
expenses as well. Let’s discuss these hidden costs, which contribute to
escalating the overall costs that any ransomware strike would incur:

Costs related to ransomware response, recovery and service resumption

Whenever there is a ransomware strike, or for that matter any malware
strike, there are costs associated with the investigation, digital
forensics, and detection and identification of the malware, etc. Then
there would be costs related to fetching backups and to re-imaging
systems, restoring damaged data and systems, etc. Coming to backups,
things depend a lot on the quality of your data backups; if it takes
longer to retrieve data, the expenses would shoot up. Similarly, if
hackers have managed to encrypt or delete your backups, that would mean
an increase in expenses to get things back on track.

Remember, if you don’t have a response team of your own, you would have to
hire the services of outside experts/consultants for the ransomware
response and recovery. That calls for extra expenses. Sometimes, depending
on the malware that has infected your system/network, you might even have
to upgrade or replace technology, which would also incur costs.

Costs related to post-ransom payments

Never be under the impression that once you pay the ransom you immediately
get your data back; it could take time to decrypt all the data that had
been encrypted. Moreover, victims sometimes need time to establish and
fund a bitcoin wallet to execute the payment of the ransom. The hacker
would also take some time to verify the payment and transfer it. So, even
after paying the ransom, you’d have to work without your systems and the
data therein, maybe for a couple of weeks, which would cost you as well.
There are also costs incurred in making sure that the systems that have
been restored are free from infection/corruption and safe to use.

Downtime-related costs, during and after the attack

A ransomware strike renders you incapable of conducting business in the
usual way. You’d also take time to respond to the attack, and that too
causes lost business opportunities. So, the downtime that occurs during
and after the attack incurs losses, which also need to be added to the
expenses involved. Similarly, your IT staff, being engaged in fixing the
issue, would have to set aside all the other work they need to do, and
that too could incur losses. All these losses need to be added to the list
of hidden costs.

The ‘downstream costs’

A ransomware attack could have a considerable impact on your suppliers and
other third parties that you deal with. Your suppliers, partners, etc.
might also suffer a loss of productivity following a ransomware strike on
your business network, and such losses too need to be added to the costs
incurred.

The reputation costs

Any malware strike affects and damages the reputation of a business. It
results in customers losing trust in the institution, and it could even
take months to repair the damage that has been caused to the reputation of
a business. Reputation issues would also lead to a dip in business. It
could also mean a potential drop in the company’s share price, due to
investor response. All these losses, plus the costs incurred in reputation
management after the ransomware strike, cause financial liabilities for
any company.

The breach costs

If data is stolen during the ransomware strike, you’d have to make an
announcement declaring it a data breach. The related expenses (those
related to breach notification, crisis communication, penalties that might
be imposed, etc., plus the legal and lawsuit-related costs and the costs
incurred in complying with obligations imposed by the state) all come
together to form what we could term breach costs.