When a company is hit upon by a ransomware attack, the damages that are processed are the amount of money that will go into a ransom and the expenses spent on the recovery of data. However, the costs related to restoration and recovery of computer systems go beyond these factors.
These organizations have to create cryptocurrency accounts to pay the cybercriminals. However, cryptocurrency accounts require a few days to become functional. Moreover, the cybercriminal will also need some days to validate the authenticity of these transactions. Furthermore, it takes significant time to decrypt the files. Thus, a lot of time is wasted in ransomware attacks which halt a company’s operations.
Costs in Recent Ransomware Attacks
The recent Atlanta ransomware attack required more than $2.5 million spent on things including crisis communication, incident response services and cloud services. It was less than the ransom demanded by the attackers which was just $50,000.
February 2018 saw Colorado’s transportation department damaged by a ransomware attack. The department spent almost $1.5 million to remove ransomware out of the $2 million assigned by the government. In order to limit the ransomware, the security team took another 14 days. More than 100 people were required to work in order to resume the operations of the systems.
Growing Damages to Remove Ransomware
Ransomware removal research from Cybereason indicated that ransomware attacks are on the rise again. Moreover, the resources spent on these attacks are expected to increase. The research also noted that while ransomware campaigns are not as active as they were three years ago but the resources spent in ransomware removal cases are nevertheless expected to grow in the coming years. In comparison to $325 million of damages on ransomware removal cases in 2015, the damages expected in 2019 are more than $11 billion.
Many companies comply with the demand of hackers and pay money in order to save their systems. However, law enforcement agencies have strictly discouraged doing so as this not only encourages the hackers to continue with further attacks to gain money but it also provides support to the ransomware industry.