Perimeter 4 min read - 26 August 2020

How much can your company lose in a ransomware attack

This post is also available in: Português English Español

Ransomware attacks, which hold data hostage, are increasingly frequent in companies of every size and sector. This reality leads companies to look for ways to reduce both the frequency of these incidents and their impact.

A considerable number of people invest time and money in designing new variants of cryptographic malware of the ransomware type. It is also worth noting that variants of this malware developed by cybercriminals in the country have already been identified, motivated by the low security maturity of local companies.

Faced with this reality, which is new to many companies, one of managers' main doubts concerns how to measure the possible losses caused by incidents of this type. The doubt is pertinent: managers need figures to evaluate the investments that would prevent or minimize these occurrences, and to make security projects in their environments viable.

In this blog post we present the main impacts generated by ransomware attacks, bringing to the fore perspectives that are often disregarded when the problem is analysed. Keep reading to sharpen your critical analysis of investments aimed at minimizing the impact of these attacks.

Ransom payment

Paying the ransom is usually not a valid alternative for companies that have suffered a data hijacking. One reason is that there are cryptomalware variants that simply cannot decrypt the data at all, because the key needed for decryption is never stored or retained by the malware.

Beyond that, even when the variant does allow decryption and the payment is made, there is no guarantee that the attackers will release the victim company's data, so the recommendation is not to pay the ransom.

In any case, if for whatever reason the company chooses to pay, this item must appear in the feasibility analysis for the data hijacking prevention project. As a reference, ransom demands vary enormously, from roughly US$ 300 up to US$ 50,000. The size and sector of the company, and the impact of losing or exposing its corporate data, influence the amount demanded.

Payment is conventionally made in cryptocurrency (usually Bitcoin), which is hard to trace back to a real-world identity and lets cybercriminals avoid identification. This makes data hijacking a very difficult crime to solve, so avoiding the incident in the first place is always the best option for companies that care about their corporate data.

Loss of corporate data

Has your company ever tried to put a price on its corporate data? This is a good exercise for understanding how important information is to the business, and it supports the analysis of whether investments in protecting it are feasible.

To estimate the value of the data, reflect on everything that is computerized or available in digital form and is therefore susceptible to loss or exposure in an attack focused on data hijacking (ransomware).

To bring this to a real scenario, we will use the example of an accounting office. Accounting offices store large amounts of customer data, as well as contracts, income tax information and other sensitive records.

Given that reality, what would be the impact of an attack that compromises the firm's data? How much time would be spent recovering the data and re-establishing the operation of the environment? And if the data were lost for good, what would the impact be on the office in question?

If the company has a backup system that is properly configured and whose restores are tested regularly, the damage would probably be relatively minor. A practical caveat: ransomware operators routinely look for reachable backups and encrypt or delete them before triggering the attack, so at least one copy must be kept offline or otherwise unreachable from the production network. It is also important to bear in mind that some ransomware variants are designed to expose the data, rather than simply encrypting it.

On that premise, what would be the impact if cybercriminals published the personal and financial information of the accounting firm's clients on the Internet?

This scenario illustrates a case where a backup structure alone would not prevent damage to the business, since exposure of the data could cause serious harm to the company's image, including lawsuits of various kinds.

It is therefore highly relevant to assign a financial cost to this type of incident, so that it enters the calculation of the possible costs of a ransomware incident.

Unavailability of resources, people and services

In addition to a possible ransom payment and the actual loss or exposure of company data, there are other losses associated with data hijacking episodes.

As mentioned in the previous item, ransomware attacks can compromise part or all of the corporate data, making it impossible for employees to do their work for hours or even days. This unavailability also has a serious financial impact on the business, since employees are prevented from performing their functions.

It is therefore very important to estimate the cost of the hours not worked and to include it in the feasibility analysis document for implementing security solutions. These costs can be estimated with the productivity calculator, which was originally created to estimate the cost of Internet misuse in companies.

Besides employee downtime, evaluate the cost of company equipment that is out of service after being damaged in a ransomware attack. This matters because, if the victim chooses not to pay the ransom, the affected device will most likely have to be wiped and rebuilt from scratch.

Impacts on company image

This is possibly the most neglected item among those presented so far. It is very important that the company assess the impact on its image after an incident of this magnitude. That impact is amplified in cases where corporate data is exposed, as discussed in the previous items.

Even where there is no exposure of data, the impact can matter greatly for business continuity, since in some sectors credibility can be severely affected by this type of occurrence.

The accounting firm is just one of many examples that could be listed, since virtually every business handles sensitive data, whether its own or its customers'.

This blog post has presented some points that should be used to measure the costs of ransomware attacks in companies of various sizes and sectors. This analysis is fundamental to justifying investment in information security projects focused on preventing attacks that aim to hijack data. If you still have questions about how to protect yourself from data hijacking incidents, contact one of our experts.