As the threat of ransomware becomes more pervasive, hackers are looking beyond big targets in the Fortune 1000 to less-protected SMEs. Empowered by ransomware variants that are easily distributed in Crime as a Service (CaaS) kits, even inexperienced hackers can now launch crippling attacks on smaller, less defended companies, opening up a new front in the battle against malware.
From the hacker’s perspective, successfully striking a large number of smaller targets as opposed to a single large one has advantages. First and foremast, it’s a safer bet, as smaller companies tend to be much less ready for a ransomware attack than larger ones. According to survey of SMEs in the United States by Webroot, 71% of the leadership of American SMEs lack confidence in their organization’s ability to protect against ransomware — an overwhelming majority.
Not only is it easier to infiltrate smaller companies, but it can be highly profitable. According to the Ponemon Institute, half of SMEs pay the ransom when attacked by ransomware. The relative ease of successfully attacking smaller companies means that hackers can now playing a number game, casting a wide net and reaping their financial reward based on the sheer scale of their attack.
How damaging are these attacks? The cost of ransomware attacks often far exceeds the payout demanded by criminals. Let’s take a closer look at how much Ransomware can really cost:
1. Days of Lost Revenue
The most direct way that a ransomware attack will damage your business is in lost revenue. When your business is rendered inoperable due to a ransomware attack, your operations grind to a halt, projects or orders get delayed, and your business stops making money. It only takes some quick “back-of-the-napkin” math to see how quickly that lost revenue adds up.
The simplest way is to look at your company’s total revenue and divide it by the number of business days of the year. For example, a company that makes 250 million dollars a year has daily revenue of that number divided by 250 days, or in this case 1 million dollars a day. In a company of this size even just a few hours of downtime would cost hundreds of thousand dollars, and ransomware attacks are usually much more debilitating than that. The average downtime for ransomware typically exceeds 3 days, which would cost the business in our example close to $3 million dollars in lost revenue.
2. Hours of Lost Productivity
Another important factor to take into consideration is the cost of lost productivity, because when your company isn’t operational you’re still paying your employees. The simplest way to calculate this number would be to take the average salary of your staff and divide it by the number of hours worked per year, which is around 1,800 hours for the average American employee. Assuming a mean salary of 60 thousand dollars, we arrive at an hourly rate of about $30 an hour.
So a company with 1000 employees that’s been infected with ransomware and cannot operate is paying at least $30,000 dollars an hour in addition to the lost revenue listed above. But that’s just a low estimate. To get a more accurate result, you’d also have to factor in bonus payments, health insurance, and other costs associated with carrying each employee, which are likely to increase this initial number by 30%.
3. The Cost of Getting Operational Again
To get an accurate picture of the costs involved in a ransomware attack, you must also account for the costs of getting your business operational again after ransomware has struck. If the affected business has a strong disaster recovery solution in place then returning to normal business operations typically involves wiping affected endpoints clean and restoring company data from the backups. This process, though a fairly reliable means of recovery, is time-consuming endeavor. A conservative estimates would say to count on about one hour to reimage a single endpoint.
For companies with no recent back-up, the choices are even costlier. This could include the time spent negotiating with cyber-criminals, or the price of paying off the ransom — which does not guarantee your systems will be released. In some situations you might require the support outside contractors to help with the restoration of your system, adding another significant cost.
Strong Endpoint Protection is the Best Solution
The financial damages caused by ransomware attacks aren’t a distant threat that companies have the luxury of analyzing theoretically. Cybercrime cost the global economy $3 trillion dollars in 2015, and that figure is expected to grow to $6 trillion dollars by 2021. In the United States, ransomware is set to do $75 billion in damages to SMEs in 2018. Clearly combating ransomware should be a top priority for anyone in the leadership position of a company to carefully consider.
Countertack’s endpoint protection technology not only protects company network from new and unfamiliar threats, like ransomware variants found in CaaS kits, but can dramatically increase the speed at which these threats are located and contained. This ability to mitigate fast-moving ransomware protection is the difference that saves your business from disaster. Visit www.countertack.com and learn how we can help keep you safe from the next wave of Ransomware.