Understanding the costs of a ransomware attack

Ransomware is becoming more virulent over time and is now a major threat to the digital landscape. For cyber criminals it is an effective and easy way to make money, with low cost and high profits.

Paying the ransom is not a good idea: the perpetrators tell victims that their data will be returned to them, but that is never really the case.

Such attacks have become sophisticated, for example combining encryption with other tactics that put pressure on targets to pay the ransom, which is a growing concern for many organizations globally. Some very well-known ransomware variants include Conti, Clop, and LockBit.

Double extortion attacks are being deployed and are spreading like wildfire. These types of attacks involve getting into the victim’s network, exfiltrating sensitive information, getting rid of any backups so the victim will not be able to recover, and then encrypting the data. All of this happens before a ransom is demanded.

Triple extortion methods are now emerging, adding a whole new level of sophistication. This usually involves launching Distributed Denial of Service attacks against the victim's most critical infrastructure, holding it to ransom.

With the new Ransomware as a Service market model, where anyone can execute ransomware attacks regardless of their skill set, such attacks are expected to become more sophisticated and harder to prevent.

Protecting against such attacks is an urgent priority for personal and corporate users alike.

In the next few sections we will analyze the various components of a ransomware attack and the costs involved.

Cost components in a ransomware attack.

The costs can be broken down into two categories:

  1. Tangible, comprising direct and indirect costs
  2. Intangible

Direct tangible costs defined.

These are the first costs that an organization has to pay out when an attack is detected. They include activities related to investigations, customer compensation, legal fees, penalties, etc.

Indirect tangible costs defined.

These are the secondary costs incurred by the company. They are usually attributed to the effort put in, as well as the resources used, by the organization. Some examples include refreshing accounts, communication around the attack resolution, loss from downtime due to needing to restore from backups, etc.

Intangible costs defined.

These are costs that cannot be quantified and stem from loss of business opportunities and damaged reputation. They include loss of potential clients, decline in future profits, etc.

Ransomware attack factors that impact the financial loss of a business.

The costs involved with a ransomware attack can be enormous. The factors are:

  1. Ransomware payment.
  2. Downtime.
  3. Legal Expenses.
  4. Reputational Damage.
  5. Recovery Costs, etc.

If businesses understand the costs involved in a ransomware attack, upper management will be able to understand and mitigate the risks involved with ransomware cyber attacks.

Payment of the Ransom.

The payment of the ransom is the obvious direct cost associated with such an attack. The attackers promise to hand over the decryption key that will unlock the encrypted data or machines once payment has been made. Payment of such a ransom is made in cryptocurrency, which makes it hard to trace, and the amounts requested vary greatly. It is estimated that damages incurred due to cyber crime will increase by 15% per year and reach $10.5 trillion USD annually by 2025.

Experts advise against paying the ransom: it supports the criminal activity that these individuals carry out, and there is no guarantee that the decryption key given will allow the data and systems to be fully restored. In certain cases paying the ransom has resulted in higher ransom amounts being demanded. Paying the ransom is also illegal in most cases.

Downtime as a result of a ransomware attack.

Ransomware attacks can cause major downtime for businesses, schools and hospitals. A successful ransomware attack results in around 3 weeks of downtime. Even if an organization has significant IT resources, recovering from such an attack is time-consuming.

After an attack, a company's users will have a tough time accessing any data on the corporate network, as well as investigating the root cause of the ransomware attack. Recovery would be slow and painful, since many companies carry out recoveries manually, which adds additional challenges.

It is important to note that the indirect costs of such an attack would be higher than the direct costs.

Even if a business restores its data and infrastructure from backup without paying the ransom, significant downtime will still be encountered.

Governments and experts discourage paying any ransoms, but the amount of downtime needed to recover results in a major loss of productivity and interruptions to services.

Legal expenses incurred as a result of a ransomware attack.

Such attacks can lead to massive legal expenses for a business. Exfiltration of sensitive data can result in a legal battle with customers or regulators, especially where service level agreements (SLAs) or regulatory compliance requirements like HIPAA are involved.

If we look at the Colonial Pipeline ransomware attack, the legal action that was taken resulted in hefty fines and settlements.

On top of direct compensation, the customers of the business that was attacked can also sue for damages due to increased risk of identity theft or credit card fraud which could result from the attack.

Firms that work with the compromised company might sue for loss of business, incident response costs and recovery expenses as a result of the attack. The costs of such lawsuits can be substantial and lead to expensive and extensive legal battles, with costly settlements or fines being imposed.

It is important to note that if companies do not prevent data breaches, they can face huge penalties from authorities. Also, any privacy violations, negligence, downtime and loss of business can possibly lead to lawsuits, fines and settlements.

Corporate reputational damage and costs.

With the highly destructive and visible nature of a ransomware attack, those that become victims have no choice but to disclose that they were breached.

As a result, this can garner an outcry of dissatisfaction from the business's clients, investors and others with a vested interest in the company. While it's easy to restore the data, it is very difficult to regain the public’s trust, which will have a knock-on effect on keeping existing customers as well as winning new business, and can even impact the stock price.

Forbes Insights found that 46% of corporations have suffered damage to their reputation and brand value as a result of a cybersecurity incident. Such damage to the brand and its reputation makes it harder for the business to attract new clients and partners.

According to research carried out by the National Cyber Security Alliance, 60% of small to medium-sized businesses close 6 months after becoming the victim of a cyber attack. 86% of private sector victims noted that they had a loss of business and revenue after a breach.

As you can see, the ramifications of a ransomware attack on one's business would be long-lasting and severe. It would affect company growth, reputation and potentially its survival.

Recovery costs involved with a ransomware attack.

In addition to the costs mentioned in the previous sections, and on top of the costs already accounted for in responding to such an attack, one needs to include the cost of investing in cybersecurity measures to prevent future incidents from taking place.

It is also important to ensure that one's business has an incident response plan in place. This should also include any infrastructure costs that would reduce the risk of a ransomware attack, backups, labor expenses and cybersecurity insurance premiums.

It is paramount not to undervalue the expenses needed to secure one's network from future attacks. Even if the ransom is paid and the compromised machines are freed, you cannot be sure that the attackers didn’t leave any back doors to be able to get back into your network.

Even with payment of the ransom, there is still no guarantee that attackers will decrypt the machines, delete any stolen data or relinquish access to the compromised network. There is still the chance that the attackers could embed more malware on the compromised systems or even sell their unauthorized access to other criminal groups.

Upgrading the infrastructure is paramount to prevent any further attacks. The costs of upgrades and incident response are a must to secure one's networks from additional attacks, and they are costs that victims fail to take into consideration.


Ransomware attacks are the fastest growing type of cyber crime. It is important to take preventative measures by ensuring that systems are kept updated and that strong password policies are in place. Lastly, education of staff on safe browsing practices is also important.

Organizations concerned about ransomware attacks might not have the manpower to keep up with the latest and ever-evolving threats. Ensuring a robust and proactive plan is in place should be able to reduce the negative impact of a ransomware attack.

Strong data security measures and protections can help prevent attacks and usher in a speedy recovery to avoid the high costs that come with falling victim to a ransomware attack.
