And now ransomware attacks have gone from using highly customised software to a system where it’s become the malevolent equivalent of software as a service – ransomware as a service (RaaS).
These attacks are high volume, low ransom events where the software developers sell their malicious packages (or take a cut of the ransom) to less sophisticated cybercriminals. Those cybercrooks then take a shotgun approach, attacking anything and anyone they can in the hope that a percentage will stick and be forced to pay a fee to have their precious data decrypted. That’s where they make their money.
The state of the ransomware economy
Sophos’ recent report, The State of Ransomware 2020, surveyed 5,000 respondents from 26 countries, including 200 from Australia.
The report found that almost half of Australian companies (48 per cent) were hit by a ransomware attack in the last 12 months, but of those, only 17 per cent of attacks were stopped before the data was encrypted.
In almost three-quarters of ransomware attacks, cybercriminals succeeded in encrypting the data, and in just under a quarter of cases, the attack was stopped before the data was encrypted. This indicates that anti-ransomware technology is having an effect and stopping the bad guys’ attacks before they can cause havoc.
In Australia, 12 per cent of firms hit by a ransomware attack paid up to get back access to their data.
Ransomware – the costs of paying up
While 73 per cent of attacks succeeded in encrypting data, the good news is that 94 per cent of companies suffering an infection managed to get their data back. Globally, 26 per cent got their data back by paying a ransom (that figure is only 12 per cent locally), while just over half recovered their operations via backups. Somewhat mysteriously, 12 per cent globally retrieved their data through other means.
One of the most fascinating aspects of ransomware attacks is that paying up actually doubles the cost! Our research found the average cost globally to remediate a company’s infrastructure after a ransomware attack comes in at $US1,448,458 if the ransom is paid. That figure drops to $US732,520 if the attacked company chooses to not pay up.
This sounds a little counterintuitive. After all, if you’ve paid a ransom, you expect to have your data decrypted and everything will be fine, right?
It doesn’t quite work that way.
Even if an organisation pays up, it still has to do a lot of work to restore the data. So what it is dealing with is the cost of being held hostage, plus the money required to get everything back to a state of normality.
The fact is that the costs required to recover data and get things up and running again are likely to be the same whether they get data from backups or from the crooks involved. Pay the ransom, and organisations will have another big cost on top.
Dealing with ransomware
The one upside of ransomware as a service is that the scattergun approach puts lots of copies of the same software into circulation. Unlike bespoke ransomware, this means the tools needed to defend against an attack can be updated easily and quickly, so an organisation running anti-ransomware software on its network will generally be protected.
The key is to have the crucial elements in place. First, start from the assumption that the organisation will be hit and plan the cybersecurity strategy around that. Preparation is the best defence. Organisations should also invest in anti-ransomware technology: according to our survey, 24 per cent of companies attacked were able to stop the attack before it took effect, thanks to the technology they already had in place.
It’s also wise to protect your data wherever it’s held. Ransomware doesn’t discriminate, and attackers can hold data in the public cloud to ransom as easily as data on-premises. Organisations should have regular backups in place and store them offsite and offline, so that if they are hit they can recover as quickly as possible and get back to business as usual.
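A backup only counts if it can be restored and verified, so here is an added example (written for this page, not code from the Sophos report or its authors) of a small restore drill in Python. It builds a SHA-256 manifest of a directory, packs the directory into an archive that stands in for the offline copy, detects a file in the live tree that no longer matches the manifest (a constructed overwrite with random bytes, the same symptom an encrypted file would show), and then restores the archive and checks every file against the saved manifest. The directory names and sample files are constructed for the demo; the `filter="data"` guard on extraction is used only where the running Python exposes it.

```python
"""Backup manifest and restore-verification drill (added example, constructed data)."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(source: Path) -> dict:
    """Map every file (path relative to source, POSIX separators) to its SHA-256."""
    return {
        p.relative_to(source).as_posix(): sha256_file(p)
        for p in sorted(source.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, archive: Path, manifest_path: Path) -> dict:
    """Write a gzip tarball of source plus a JSON manifest kept beside it."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_tree(root: Path, manifest: dict) -> list:
    """Return relative paths that are missing or whose hash differs from the manifest."""
    bad = []
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return sorted(bad)


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive; use the 'data' filter (blocks path escapes) where available."""
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(dest, **kwargs)


def demo() -> dict:
    """Run the drill on constructed sample data and report what each check found."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live = tmp / "live"  # stands in for the production data directory
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "report.txt").write_text("Q2 figures (constructed sample)\n")
        (live / "docs" / "notes.md").write_text("# notes\n")
        (live / "config.ini").write_text("[db]\nhost=localhost\n")

        offsite = tmp / "offsite"  # stands in for the offline/offsite copy
        offsite.mkdir()
        archive = offsite / "live.tar.gz"
        manifest_path = offsite / "live.manifest.json"
        manifest = create_backup(live, archive, manifest_path)

        before = verify_tree(live, manifest)  # live tree still matches: []

        # Constructed tampering: one live file overwritten with random bytes.
        (live / "docs" / "report.txt").write_bytes(os.urandom(64))
        after = verify_tree(live, manifest)  # ['docs/report.txt']

        # Restore drill: extract the archive and check it against the manifest on disk.
        restored = tmp / "restored"
        restored.mkdir()
        restore_backup(archive, restored)
        saved = json.loads(manifest_path.read_text())
        after_restore = verify_tree(restored, saved)  # []

        return {
            "files": len(manifest),
            "before_tamper": before,
            "after_tamper": after,
            "after_restore": after_restore,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the manifest travels with the offline copy and the verification runs on a scheduled restore into a scratch location, so that a restore that cannot reproduce every hash is noticed long before an incident rather than during one.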
The ransomware landscape is changing. RaaS is the new normal, but with the right defences and a cybersecurity plan in place, companies can keep their business intact – and avoid the costs and disruption of a ransomware attack.