Ransomware: Not only the Ransom, There are Also Hidden Expenses
Ransomware strikes are on the rise all over the world. Today, even laymen know what ransomware is: everyone knows that a ransomware strike could leave all files and data encrypted and that you’d need to pay a ransom (in cryptocurrencies) to get them decrypted. But it’s not just the ransom that makes ransomware strikes so dear. The ransom, in fact, is just a tiny portion of the total costs involved. There are other hidden expenses as well. Let’s discuss these hidden costs, which escalate the overall cost of any ransomware strike:
Costs related to ransomware response, recovery and service resumption
Whenever there is a ransomware strike, or for that matter any malware strike, there are costs associated with investigation, digital forensics, and detection and identification of the malware. Then there are costs related to fetching backups, re-imaging systems, and restoring damaged data and systems. With backups, a lot depends on the quality of your data backups; if it takes longer to retrieve data, the expenses shoot up. Similarly, if hackers have managed to encrypt or delete your backup, getting things back on track becomes more expensive.
Remember, if you don’t have a response team of your own, you would have to hire the services of outside experts/consultants for the ransomware response and recovery. That calls for extra expenses. Sometimes, depending on the malware that has infected your system/network, you might even have to upgrade or replace technology, which would also incur costs.
Costs related to post ransom payments
Never be under the impression that you pay the ransom and immediately get your data back; it could take time to decrypt all the data that had been encrypted. Moreover, victims sometimes need time to establish and fund a bitcoin wallet to pay the ransom. The hacker would also take some time to verify the payment and transfer it. So, even after paying the ransom, you’d have to work without your systems and the data therein, maybe for a couple of weeks, which adds to your expenses. There are also costs incurred in making sure that the restored systems are free from infection/corruption and safe to use.
Downtime-related costs, during and after the attack
A ransomware strike renders you incapable of conducting business in the usual way. You’d also take time to respond to the attack, and that too causes lost business opportunities. So the downtime that occurs during and after the attack incurs losses, which also need to be added to the expenses involved. Similarly, your IT staff, being engaged in fixing the issue, would have to set aside all the other work that they need to do, and that too could incur losses. All these losses need to be added to the list of hidden costs.
The ‘downstream costs’
A ransomware attack could have a considerable impact on your suppliers and other third parties that you deal with. Your suppliers, partners and others might also suffer a loss of productivity following a ransomware strike on your business network, and such losses too need to be added to the costs incurred.
The reputation costs
Any malware strike damages the reputation of a business. It results in customers losing trust in the institution, and it could even take months to repair the damage caused to the reputation of a business. Reputation issues would evidently lead to a dip in business as well. It could also mean a potential drop in the company’s share price as investors respond. All these losses, plus the costs incurred in reputation management after the ransomware strike, cause financial liabilities for any company.
The breach costs
If data is stolen during the ransomware strike, you’d have to make an announcement declaring it as a data breach. The related expenses (those related to the breach notification, crisis communication and penalties that might be imposed, plus the legal and lawsuit-related costs and the costs incurred in complying with obligations imposed by the state) all come together to form what we could term breach costs.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as a security consultant while continuing to write for Hacker Combat in her limited spare time.