The cost of ransomware is 7 times higher than the ransom

Check Point Research (CPR) shares new insights into the ransomware economy after further analysis of the Conti group leaks and different sets related to ransomware victims.

The ransom is a small fraction of the actual cost to a ransomware attack victim, as CPR estimates the total cost is 7 times higher. Cybercriminals demand an amount corresponding to the victim's annual income, which ranges between 0,7% and 5%.

ransomware

The duration of a ransomware attack was significantly reduced in 2021, from 15 days to 9. CPR also noted that ransomware teams have clear basic rules for successful dealings with victims, which affect the negotiation process and dynamics.

CPR analyzes datasets to explore both sides of the ransomware attack: that of the victims and that of the cybercriminals

CPR distributes ransomware numbers by region for the first quarter of 1, compared to the first quarter of 2022.

Check Point Research (CPR) analyzed two sets of data to obtain new information on the ransomware economy, estimating that the ransomware's side cost to victims is 7 times greater than the ransom paid.

The first set of data was the Kovrr Cyber ​​Incident Database, which contains the latest information on cyber incidents and their financial implications.

The second set of data used was the Conti group leaks. The CPR investigation aimed to investigate both sides of a ransomware attack: both victims and cybercriminals.

Contents hide
Key Findings
Ransomware through Numbers
How to protect yourself from Ransomware

Key Findings

Side costs. Ransom is a small part of the cost to the victim of a ransomware attack. CPR estimates that the total cost of the attack is 7 times higher than what the victim pays to cybercriminals and relates to response and rehabilitation costs, court fees and surveillance costs.
Final sum. The final ransom amount depends on the victim's annual income and ranges between 0,7% and 5% of it. While the higher the annual income of the victim, the lower the percentage of income that will be claimed, as this percentage represents a higher numerical value in dollars.
Duration of the attack. The duration of a ransomware attack was significantly reduced in 2021, from 15 days to 9 days.
Basic trading rules. Ransomware groups have clear basic rules (as follows) for successful trading with their victims, which affect both the trading process and the dynamics of trading:

a. Accurate assessment of the financial situation of the victim

b. Quality of data filtered by the victim

c. The ransomware team reputation

d. The existence of cyber insurance

e. The approach and interests of the victims' negotiators

Comment:  Sergey Shykevich, Threat Intelligence Group Manager at :

"In this research, we provide an in-depth look at the prospects of both attackers and victims of a ransomware attack. What we are actually learning is that ransom, which is the number that most surveys deal with, is not the basic number in the ransomware ecosystem. Both cybercriminals and victims have many other financial issues and concerns regarding the attack. It is remarkable how systematic these cybercriminals are in determining the amount of ransom and in negotiating. Nothing is accidental and everything is defined and designed according to factors. It is noteworthy that for the victims, the "collateral cost" of ransomware is 7 times higher than the ransom they pay. "Our message to the public is that building a proper cyber defense in advance, and in particular a well-defined ransomware response plan, can save organizations a lot of money."

Ransomware through Numbers

For the first quarter of 2022, CPR divides the following numbers:

  • Globally, the weekly average of affected organizations is 1 in 53 - an increase of 24% on an annual basis (1 in 66 organizations in the first quarter of 1)
  • In the EMEA, the weekly average of affected organizations is 1 in 45 - an increase of 37% per year (1 in 62 organizations in the first quarter of 1)
  • In APAC, the weekly average of affected organizations is 1 in 44 - an increase of 37% per year (1 in 60 organizations in the first quarter of 1)
  • In Africa, the weekly average of affected organizations is 1 in 44 - an increase of 23% on an annual basis (1 in 54 organizations in the first quarter of 1)
  • In ANZ, the weekly average of affected organizations is 1 in 88 - an increase of 81% on an annual basis (1 in 160 organizations in the first quarter of 1)
  • In Asia, the weekly average of affected organizations is 1 in 24 - an increase of 54% on an annual basis (1 in 37 organizations in the first quarter of 1)
  • In Europe, the weekly average of affected organizations is 1 in 68 - an increase of 16% per year (1 in 80 organizations in the first quarter of 1)
  • In North America, the weekly average of affected organisms is 1 in 120 - no change per year
  • In Latin America, the weekly average of affected organizations is 1 in 52 - a 25% increase on an annual basis (1 in 64 organizations in the first quarter of 1)

How to protect yourself from Ransomware

Powerful data backup. The aim of ransomware is to force the victim to pay a ransom in order to regain access in its encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack.

Cyber ​​awareness training. Fishing emails are one of the most popular ways of spreading ransomware. By tricking a user into clicking a link or opening a malicious attachment, cybercriminals can gain access to the employee's computer and begin the process of installing and running ransomware on it. Frequent cyber security awareness training is vital to protecting the body from ransomware.

Powerful, secure user authentication. Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical elements of an organization's cyber security strategy.

Updated versions . Keeping computers up-to-date and implementing security patches, especially critical ones, can help reduce an organization's vulnerability to ransomware attacks.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.086 registrants.

ransomware

ransomware, ransomware attack, ransomware ελλαδα, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

One Comment

Leave a Reply

  1. The text is full of syntax errors, obviously due to the automatic translation by translate and it is not the first time. If you spent 15 minutes with the article after the automatic translation it would be more understandable and more relaxing for the reader.

    Απάντηση

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).