A few months back, two businesses attacked by ransomware contacted us requiring immediate assistance to help combat their ransomware incident. The structure of these businesses were opposites of each other, one had several thousand systems and the other had a few hundred. Nevertheless, both needed to be recovered.
Our staff quickly began running recovery processes which resulted in 105-hour workweeks. This all happened during Christmas time which illustrates just how unpredictable these attacks can be. Alvaka Networks CEO, Oli Thordarson, mentions that cyber insurance is a valuable asset and that without it businesses, “should expect to spend at least $100,000 on ransomware recovery […] though costs could easily run ten or twenty times that amount depending on the size of the business, the extent of the ransomware infection, and the recoverability of the data.” Although advantageous, one of the disadvantages of cyber insurance is that they, “typically won’t pay for preventative measures that reduce the likelihood of future ransomware attacks.”
However, cyber insurance can sometimes slow the recovery process since the plans must be approved by the victim’s insurance provider. This was the case for one of the Christmastime ransomware victims. Although businesses should avoid paying a ransom, it is sometimes better for a company to purchase the decryption tool from the cybercriminals than suffer significantly more financial and reputational loss. Ultimately, the pros and cons must be thoroughly evaluated before making such a decision, but generally, this should be the last option.
There are two main types of damages that ransomware victims suffer from, “the first of which is the cost associated with paying the ransom and the downtime experienced by the organization,” and the, “second type of damages comes from trying to mitigate against future ransomware attacks, which at the very least requires a thorough scrub and forensics of the systems and often entails rebuilding the entire system from scratch.”