When a ransomware gang attacks, it’s not just a problem for IT professionals; it impacts everyone. A ransomware attack triggers a chain reaction. Not only is it damaging to the entity, but it can also impact its employees, third-party affiliates, clients/patients/customers, the industry, and other stakeholders. What often receives little attention is the social and psychological impact of ransomware on all those involved.
In the fall of 2020, the London Borough of Hackney (England) fell victim to ransomware. Services offered by the borough were obstructed for many months while its systems were being repaired. For the citizens of the community, this ransomware incident was psychologically damaging and emotionally draining. Testimonies were taken from many people who were so distraught that they were unable to do their jobs. Though Hackney never paid the ransom, it cost an estimated £12 million to recover. The financial loss was great, but the human cost was greater.
Often, governments and organizations focus only on the disruption to their systems, financial losses, and reputational damage, rather than the social and psychological impacts. This is due to a lack of awareness and the absence of a reliable method to evaluate all the damage done, particularly when it comes to intangible consequences.
Social consequences that arise as a result of an attack can cause long-lasting damage to an organization, its clients, its third-party affiliates, and its employees. Compromised companies shut down operations and lay off workers, which leads to an increase in unemployment, emotional stress, and financial burden. Just last month, Alvaka dealt with a victimized firm that was already experiencing financial stress. The executive elected to shut down the company rather than try to recover. Attacks can also lead to people losing confidence in governments and companies and deter them from trusting new technologies in the future.
In order to guarantee an accurate report on the entirety of damages, there must be an established and valid set of tools and guidelines for measuring the psychological and social impacts on victims. Developing these guidelines will need input from the victims, companies, governments, medical professionals, lawyers, auditors, etc.
In research conducted by Northwave, a security operative, the findings revealed that the psychological effects and mental strain of ransomware attacks can persist in victims for a long time. Inge van der Beijl (Behavior and Resilience Psychologist at Northwave) explains that for team members, symptoms can manifest much later, and management needs to take initiative to address this from the very start. Both executive and HR management have some accountability when it comes to the well-being of their employees.
This research has also uncovered that, subsequent to a ransomware attack, many teams fall apart and company morale diminishes. Positive work attitude, job satisfaction, and outlook of the organization plummet significantly. This can sometimes result in employees staying home on sick leave more, or leaving the organization entirely. This invisible impact can linger throughout the organization for one to two years afterward and pose a problem to human resources management and general business management.
The human response to a ransomware attack has been categorized into three distinct phases below. Each of these phases has different mental and physical effects for those involved, which can be detrimental to an organization.
- Phase 1: Crisis (develops into incident phase after one week) – Characterized by feelings of helplessness, guilt, and high pressure.
- Phase 2: Incident (the plan of action is established and recovery measures are set in motion) – Characterized by exhaustion and high pressure.
- Phase 3: Project (after a month, critical crisis is averted and basic functionalities are available once again) – Characterized by job fatigue and trauma.
Overall, this research by Northwave emphasizes the importance of top management being actively involved throughout the entire recovery process. In the crisis phase, it’s important to encourage healthy coping mechanisms and make sure employees are regularly taken care of. In the incident phase, policies will need to be established to best manage the workload. In the final project phase, evaluations will need to be arranged so that those directly, and indirectly, involved with the attack may air out their feelings and concerns. Raising awareness of this issue and supporting the victims are the first steps to recovery and growth.
Despite the negative consequences of a ransomware attack, there are sometimes positive impacts that can emerge from it. IT divisions can implement security maintenance that was long overdue now that their organizations are making cybersecurity a higher priority. Non-IT employees can also exhibit sentiments of empathy and solidarity, improving collaboration.
Alvaka has rapid response teams available for ransomware attack situations. Having experienced ransomware recovery personnel lead the recovery effort helps mitigate the stresses within the whole organization and dramatically speeds up the recovery to normal operations.