Ransomware Attack Cost - Data Recovery Cost vs. Paying the Ransom Cost

Ransomware is one of the most damaging, effective, and pernicious methods available to hackers to date for extorting cash out of their victims. There are many ways to get infected, and it only takes a momentary lapse of judgment or a single weak link in your online security for a device, or even an entire network of devices, to succumb to an infection. And it's all downhill from there.

Naturally, the best protection from ransomware is to avoid dealing with it altogether by following the industry-recommended best practices. Never download suspicious files, enable macros on strange documents, click on dubious links, or follow instructions found in unsolicited emails. Have an updated anti-malware solution installed on your device at all times, and things like that.
Unfortunately, if you don't do that diligently enough, or if the malicious actors are crafty and determined enough, you may still end up locked out of your PC, with all your files encrypted, with a ransom note that demands that you pay in bitcoin. So what should you do at that point?

Naturally, what you should do next depends on the circumstances you find yourself in. However, in order to make an informed decision under pressure in such a difficult situation, you need to be aware of the following statistics:

  1. Only 26% of victims whose data was encrypted got their data back by paying the ransom. So even if you do it, there's a high chance that you won't get your data back.
  2. Even if you pay the ransom, doing so usually doubles the cost of dealing with a ransomware attack. Even "honest" hackers that are willing to release their "hostages" once the ransom is paid have a tendency to just drop the victim a decryption key and leave said victim to deal with the situation. Yes, technically, they have given the victim the tool that can theoretically be used to restore the encrypted files – but unless the target of the attack was a cyber-security expert to begin with, they wouldn't be able to utilize that tool. The victim will end up having to pay the ransom that the crooks demanded, and then also hire a cyber-security expert to decrypt their files.
  3. More than 60% of businesses go bankrupt up to six months after suffering a ransomware attack. This could be for a variety of reasons: some financial, some having to do with a ruined reputation, and some with the fact that such attacks compromise the security of a business's clients, not only the company itself.
  4. The average cost of a ransomware attack to a business hovers at about half a million dollars. That includes monetary losses, recovery times, fees for services rendered to recover from the attack, etc.

This is why industry experts recommend that you NEVER even consider paying the ransom to the crooks that attacked your system. While the temptation to do so and just be done with it may be there, it will probably not work, and will certainly cost you more than just the ransom.

On the flip side, if a company has a good data backup plan, recovering lost data is way less costly. Yes, it's still downtime, which is annoying at best and a serious problem for business at worst, but losing a few hours or a few days of work, and spending some time setting up your system once more is not the same as losing your entire body of work. Naturally, this will only be possible if the victim had taken the time and effort to prepare for such an eventuality.

And while we're on the subject of preparedness for bad eventualities, there are insurance policies that cover cyber-attacks and may help mitigate the effects said attack has on the victim. Note, however, that not all of them cover the specific case of ransomware attacks.

Additionally, a cyber-security expert may be able to recover some data that the hacker seemingly managed to encrypt. This is a viable option for recovering data if the attacker's skill set and the tools he used aren't that sophisticated. Overall, the success rate of recovering data without paying the ransom is twice as good as that of paying it, but naturally, the results depend on many variables. It's a calculated risk, and one that the victim will have to choose to take themselves.

However, said unfortunate users should always keep in mind that the odds of recovering their data by paying the ransom are bad.

July 27, 2020
