The victims lost an average of nine days to downtime and two and a half months to investigations, an analysis of disclosed attacks shows
An analysis of 186 successful ransomware attacks on companies in the United States in 2020 has shown that the companies lost nearly $21 billion to downtime caused by the attacks, according to technology website Comparitech. Compared to 2019, the number of detected ransomware attacks skyrocketed by 245%.
“Our team sifted through several different resources – specialist IT news, data breach reports and state reporting tools – to gather as much data as possible about ransomware attacks on US companies. We then used data from studies of the cost of downtime to estimate a range for the likely cost of ransomware attacks to companies,” said Comparitech, explaining its approach. However, it admitted that the numbers may only scratch the surface of the ransomware problem.
On average, the affected companies lost nine days to downtime, and it took them about two and a half months to investigate the attacks and their impact on the company’s data and systems. To put this in context, Comparitech estimates that the ransomware attacks combined resulted in 340.5 days of downtime and a full 4,414 days of investigation. Downtime varied, however, ranging from recovery efforts that took several months to minimal interruptions, the latter thanks especially to solid backup plans.
Cybercriminals usually demanded ransoms ranging from half a million dollars all the way up to 21 million dollars. Some attackers also upped the ante by performing double-extortion attacks, pilfering data from victims’ systems before going on to encrypt them with ransomware. With researchers estimating that the average cost per minute of downtime is US$8,662, and with reputational damage on top of that, it is no wonder some companies are willing to pay a ransom as a way to solve the problem quickly. Based on that estimate, the cost of downtime for U.S. companies was $20.9 billion. The analysis also found that the ransomware attacks resulted in more than 7 million individual records being stolen and/or misused, an increase of almost 800% compared to previous years.
In addition, the researchers noted a shift in the targets of ransomware attacks. While cybercriminals previously tended to target educational institutions and public entities, in 2020 they shifted their focus to businesses and healthcare organizations. This could be chalked up to the pandemic, as many schools and government organizations were closed and their systems down. Meanwhile, healthcare providers had to keep operating to take care of patients, and the pandemic forced many companies to switch to teleworking, which probably made them easier to hack.
What about 2021?
Based on this year’s trends and events, it is no wonder that Comparitech estimates that the cost to companies will increase further. If the second half of 2021 sees the same number of attacks as the first half (91), the numbers in 2021 will be in line with 2020’s: over 180 individual ransomware attacks. But with many attacks often revealed weeks or months after they occur, those numbers are likely to rise even higher in the coming months, suggesting that 2021 will be a record year for ransomware attacks on U.S. companies, the company warned.
To find out why ransomware remains one of the biggest threats and how companies can defend themselves against it, we suggest reading our latest white paper, Ransomware: A Criminal Art with Malicious Code, Pressure, and Manipulation.