Ransomware and the cost of downtime

October 28, 2016 Data Management

There are few potential disasters that scare IT administrators quite like a successful hack. A breach involving private customer information can quickly become a permanent black mark on a business's reputation, but what happens if no data is ever stolen? What if the cybercriminal simply locks all the files on a computer or a network and forces the victim to pay money in order to unlock it all?

This is exactly what ransomware does, and its relevance within cybersecurity has been growing by leaps and bounds recently. Hackers have figured out that selling stolen information is hard work, and that they'd much rather just shut down a company's IT operations until the organization pays up. It's a frightening trend that administrators in every field must stay on the lookout for. 

How does this malware get in?

Unlike in the movies, real cybercriminals don't take much of an active role in a lot of hacks. Rather than furiously typing until they've broken some sort of defense, most hackers rely on previously built malware to do the job for them, much like they would in a ransomware campaign. Therefore, one of the easiest ways to infect a computer or even an entire network is to rely on social engineering. 

The most effective attack technique here is phishing, which is where a hacker sends out legitimate-looking emails in an attempt to get victims to click on a malicious link. In fact, security firm PhishMe found that in the first quarter of 2016, 93 percent of the phishing campaign messages that were being sent out had ransomware attached to them. 

The problem is that no single security system can fully close this attack vector. While there is a plethora of antiphishing software on the market right now, none are 100-percent effective at blocking these kinds of messages. This means that it's up to individual employees to stop these campaigns in their tracks. Sadly, the reality of the situation is that a lot of workers are sorely unprepared to spot phishing emails.

What will this cost an organization? 

The main motivation to pay the hacker is that losing access to important files creates a massive amount of downtime for workers. If employees can't access data or vital applications, they have no choice but to sit on their hands and wait, which is incredibly expensive. Exactly how much money this wastes has been the subject of much debate – Gartner has said it costs around $5,600 per minute while the Ponemon Institute has said it's closer to $7,900 per minute. Regardless of which figure you go with, it's very clear that IT downtime can deal a major financial blow to a company in a very short time.

Hackers love bitcoin because it's hard to track. Ransoms are very often paid in bitcoin.

However, the worst part of a ransomware attack often isn't the revenue lost to downtime or even the money given up as part of a ransom. The biggest problem is the reputational impact of such a campaign. To begin, an inability to access important information is most likely going to translate to customer service issues. If employees can't use internally kept data and applications, clients aren't going to get what they're paying for. On a long enough timeline, such an event could seriously tarnish relationships. 

Other than this, organizations hit by a ransomware campaign will also have to deal with a largely uninformed public. Most people don't know what ransomware is, and when they hear that a company they do business with has been hacked, they very often jump to the conclusion that their data has been stolen. While staying transparent and keeping customers informed should help here, the fact of the matter is that a good portion of clients might be less trusting of an institution that's been victimized. 

Backing up data is key

While educating employees to sniff out phishing campaigns in their inbox is obviously important, one of the best defenses against a ransomware attack is a robust backup routine. By having extra copies of vital information segregated from your internal network, your company can sidestep an expensive ransomware infection by simply falling back to backup data.