The serious consequences of ransomware on organizations.

 

What is ransomware?

Ransomware is a type of malicious software or “malware” that modifies and encrypts files on devices and computer systems, causing them to crash or stop working.

This software is introduced into the system by cybercriminals or organized criminal groups, in many cases through malicious email messages that appear legitimate. When victims open these emails and follow their instructions, the ransomware silently begins locking files until the device through which it entered, or even the entire computer system, is locked.

Often, this blocking of the computer system leads to the total or partial paralysis of the organization’s activity. The ransomware displays an on-screen message explaining that the system has been “hijacked”. This message usually demands payment of a ransom in cryptocurrency in exchange for the key that would unlock the system and restore normal operation.

Authorities recommend that victims NOT pay the ransom. Even if the demanded sum is paid, there’s no guarantee that the decryption code will work. One reason for the rise in ransomware attacks is the high potential return they offer cybercriminals for a relatively low level of risk, to the point that ransomware is becoming a sort of business model, albeit an obviously illegal one.

Consequences of ransomware.

The seriousness of a computer system lockdown is obvious, considering how completely all organizations rely on their computer or IT systems.

Often, businesses or public and government agencies targeted by ransomware are forced to temporarily halt operations.

In the best scenarios, this stoppage is only partial, but sometimes operations can completely shut down for hours or even several days. The consequences can be divided into different categories:

Payment of a ransom.

When organizations choose to pay the ransom, despite recommendations against doing so, the amount paid is itself a loss, as an unplanned or unbudgeted expense. Ransom amounts may vary from hundreds to thousands, or even millions, of dollars.

Economic and reputational losses from operations shutdown.

Often, this is the most concerning aspect. For example, in 2021, the Sinclair Broadcast Group suffered a ransomware attack that resulted in losses of about $63 million from unpublished advertisements. The Spanish Public Employment Service (SEPE) experienced a cyberattack on March 9, 2021, which prevented access to its website, and the attackers demanded a ransom. There’s a growing list of organizations being targeted by attacks.

Cost of repair and return to normal.

This includes labor hours of the affected organization’s staff and costs for hiring external teams specialized in helping organizations hit by ransomware get back to regular operations.

Layoffs.

Economic losses might lead to layoffs as part of adjustments organizations have to make after ransomware attacks. Layoffs can affect employees at all levels, including those in charge of cybersecurity and others unrelated to digital security.

Data leaks.

More and more organizations are prepared to recover from ransomware attacks by restoring backups without having to consider paying the ransom. In response, cybercriminals have developed new strategies: they steal sensitive data during the attack and make the ransom payment the condition for not releasing it. This is a form of double extortion. Sensitive types of data may include medical records, personal identification information, or login account credentials. Cybercriminals might also threaten to release intellectual property information like new product plans or confidential technical specifications.

How can organizations protect against ransomware?

Generally, the cost of preventing ransomware attacks is much lower than the combined cost of all the consequences mentioned above. Prevention involves two main fronts.

Technological defense.

There are various methods and technologies to detect and prevent ransomware intrusions. These include extensive email filtering, network traffic filtering, event monitoring, etc.

Another aspect of defense is maintaining backup systems with tested, rapid recovery procedures that are ready for a real attack.

Workforce awareness.

While technological defenses can be effective, cybercriminals also rely on tactics that deceive users. These include deceptive emails, fake web pages, phone calls, SMS, WhatsApp messages, and other methods.

The best defense is establishing a permanent digital security culture among all staff. This involves training, often through online courses like SafeUser, teaching users to identify potential attacks and react appropriately. Besides training, it’s advisable to include cybersecurity in regular corporate communications, maintaining constant alertness against attackers and their evolving strategies.