Datto illustrates this with a case study within the report of the infamous SamSam ransomware attack that hit the city of Atlanta in 2018. The ransomware attackers only demanded $51,000 in ransom money, but the attack took on dimensions that city IT workers never could have imagined. For example, the SamSam attack knocked the city of Atlanta offline for five days, resulting in the loss of important citywide services for one of the largest cities in the United States. All told, the total recovery cost for the city of Atlanta was $17 million.
That example helps to illustrate an important point made by the Datto report: on average, ransomware attacks are 10 times more costly to the business than the ransom itself. Based on the numbers that Datto collected from MSPs, the average ransom amount was just $4,300 but the average total cost of an attack (once you add in all the downtime and loss of productivity) was $46,800. Thus, even after a hacker has demanded payment, the cost of getting everything back up and running (especially the main operating system) could be much higher than ever anticipated.
Finding a solution to the ransomware problem
So what can be done to prevent ransomware attacks in the future? As Datto makes clear, there is no “silver bullet” that will stop the problem once and for all. And traditional cyber security defenses that companies have relied on in the past to keep themselves safe – such as antivirus software and email or spam filters – are surprisingly ineffective at staving off ransomware attacks. For example, according to the Datto report, 86 percent of ransomware victims had antivirus software installed, 65 percent had email or spam filters installed, and 29 percent had pop-up blockers (to avoid malicious pop-up messages) installed.
As Ryan Weeks, Chief Information Security Officer for Datto, points out, “Antivirus is still table-stakes as it does prevent from known malicious threats. That said, effective controls to more fully prevent infection of morphing threats like ransomware have surpassed the capability of traditional antivirus software and therefore requires a level down approach that looks at effective server hygiene, configuration processes and new technology that does not rely on prior observation.”
As a result of the growing sophistication of ransomware attacks, Datto suggests a multi-step approach to building general awareness within businesses about the scope of the problem, and then erecting the proper defenses to keep the ransomware attacks from ever infiltrating the organization. Simply training employees how to identify phishing attacks, for example, can play a big role. They should be made aware of how even simple user interactions (such as opening unknown attachments) can lead to big problems. Training should also focus on the need to encrypt files, protect private keys and install security software.
Moreover, suggests Datto, SMBs should think about having a business continuity & disaster recovery (BCDR) solution in place. This would help a business recover from an attack within a short period of time, even in as little as 24 hours, without the risk of significant business downtime that could cripple an organization.
The future of ransomware
Going forward, one thing is certain: ransomware attacks are only going to increase in frequency and intensity as long as small and mid-sized businesses fail to take adequate measures to protect themselves. And, perhaps most disturbingly, Datto also suggests within the report that ransomware will start to “get personal” by going after social media accounts, wearable devices, and IoT devices.
Imagine waking up one day to find your Facebook account “locked” unless you make a ransom payment to an anonymous hacker located halfway around the world. If the WannaCry ransomware attack did not make businesses sit up and take notice, hackers going after the social media accounts of employees might finally be the wakeup call that top business leaders need in order to be convinced that, yes, ransomware attacks might actually happen to them.