This year began with the Royal Mail ransomware case. The malware ceased international shipments for two weeks.

Total financial losses for businesses that relied on the service and the Royal Mail itself

are still uncertain.

Behind this case is the known ransomware group LockBit which tried to extort the company for $80 million.

New variants of ransomware, with even more sinister capabilities than sole file encryption, can completely lock companies out of their networks and obtain sensitive data.

They’re paired with the threats of data theft and leaks as well as other types of attacks to force the victim into paying the ransom.

On average, the cost of ransomware for the affected companies is estimated to be $4.54 million. This number doesn’t even include the price of the ransom itself.

Let’s break down why ransomware cases are so costly and what companies can do today to protect themselves from a possible attack tomorrow.

The Hidden Costs of Ransomware

Some of the factors that contribute to the high cost of ransomware are:

● The ransom itself (if paid) or rebuilding infrastructure/retrieving data

● Falling behind with work (ceased operations and lost revenue)

● Hiring experts to strengthen security

● Investigation of the attack

● Compensating users following the data breach in the case of a class action lawsuit due to data theft

● Damaged reputation

Most ransomware cases are strictly financially motivated. The threat actor targets the business to demand ransom (mostly in crypto since it’s more challenging to trace it back to the criminals).

Whether or not the company pays the ransom will depend on which parts of the systems have been affected, whether the documents are sensitive, and if it can get back access to parts of its critical infrastructure.

It’s advised not to ever pay the ransom (and with that fund and support criminal activity) because there’s no guarantee that hackers will keep their end of the deal.

At the time of speaking, it’s not illegal to pay the ransom in many states. However, new research suggests that the number of companies paying the ransom is decreasing.

What happens when the company doesn’t pay the ransom, though?

The simple truth is that it differs from one case to another. Some might lose files that have been locked while others will have to rebuild their entire infrastructure.

Regardless of how the business handles ransom, they have to go through the expensive remediation phase where the experts remove the malicious software from the system and improve the security.

Recovery also involves the investigation of this criminal case and possible lawsuits if the data of the users has been compromised in the attack.

All of that combined can halt the regular operations of a business and cause major revenue losses for the company.

Even more, the attack can cause reputational harm for the company.  

As customers find out about the case, they take note of how the business handled the crisis. Did they do everything possible to protect user data? Communicated transparently? Refused to falter under the pressures of the criminals’ demands?

While reputation is not something that can be easily gauged, for high-profile cases it’s possible to observe the stocks before and after the attack.

Protecting Business Finances Against Ransomware Attacks

Steps a company can take to protect its network against possible ransomware include:

● Investing in a specialized tool that can uncover malware

● Properly manage data

● Do regular cybersecurity hygiene

● Introduce phishing awareness training

Cybersecurity solutions for ransomware are designed to recognize the patterns (fingerprints) of this file-locking malware and block it before it can infect documents or parts of the infrastructure.

The latest anti-ransomware solution is also automated and works non-stop to detect signs of malware. This is essential because the early discovery of the hacking activity can cut the costs of expensive security incidents, such as data breaches.

Since most versions of ransomware target the data of a company or individual, it’s necessary to take extra steps to enhance data security. Invest in solutions that can catalog and allow visibility into where your data is at all times.

Also, doing regular backups of the files can aid workers to resume their jobs even if the system is infected with malware.

In security, hygiene is maintenance — doing regular updates, patching up flaws, and strengthening the network in its weakest points. Daily improvements remove the vulnerabilities that can be exploited by malicious hackers.

Phishing attacks are gaining popularity, which is why training employees to recognize suspicious emails is a great first step in the line of defense.

Ransomware Brings Unexpected Costs — Be Prepared

Regardless of how you look at it, the cost of ransomware is high. For many companies, it’s challenging to fully recover following such a breach.

Once the files are encrypted, it’s notoriously difficult to decrypt them and get them back.

New strains of ransomware can steal data (not just encrypt them to demand the key) or lock the business out of the network and cease operations completely.

That’s why it’s important to secure infrastructure, prepare employees working in the company, have a solution that can trace the ransomware, and take extra precautions to protect sensitive data.