The cost of ransomware is 7 times higher than the ransom

Check Point Research (CPR) is sharing new information on the ransomware economy after further analyzing Conti Group leaks and the various data sets associated with ransomware victims.

The ransom is a small fraction of the actual cost to a ransomware attack victim, as CPR estimates the total cost is 7 times higher. Cybercriminals demand an amount corresponding to the victim's annual income, which ranges between 0,7% and 5%.

ransomware

The duration of a ransomware attack was significantly reduced in 2021, from 15 days to 9. CPR also noted that ransomware teams have clear basic rules for successful dealings with victims, which affect the negotiation process and dynamics.

CPR analyzes two sets of data to explore both sides of ransomware attack: that of victims and that of cybercriminals

CPR distributes ransomware numbers by region for the first quarter of 1, compared to the first quarter of 2022.

Check Point Research (CPR) analyzed two sets of data to obtain new information on the ransomware economy, estimating that the ransomware's side cost to victims is 7 times greater than the ransom paid.

The first set of data was the Kovrr Cyber ​​Incident Database, which contains the latest information on cyber incidents and their financial implications.

The second set of data used was the Conti group leaks. The CPR investigation aimed to investigate both sides of a ransomware attack: both victims and cybercriminals.

Contents hide
Key Findings
Ransomware through Numbers
How to protect yourself from Ransomware

Key Findings

Side costs. Ransom is a small part of the cost to the victim of a ransomware attack. CPR estimates that the total cost of the attack is 7 times higher than what the victim pays to cybercriminals and relates to response and rehabilitation costs, court fees and surveillance costs.
Final sum. The final ransom amount depends on the victim's annual income and ranges between 0,7% and 5% of it. While the higher the annual income of the victim, the lower the percentage of income that will be claimed, as this percentage represents a higher numerical value in dollars.
Duration of the attack. The duration of a ransomware attack was significantly reduced in 2021, from 15 days to 9 days.
Basic trading rules. Ransomware groups have clear basic rules (as follows) for successful trading with their victims, which affect both the trading process and the dynamics of trading:

a. Accurate assessment of the financial situation of the victim

b. Quality of data filtered by the victim

c. The ransomware team reputation

d. The existence of cyber insurance

e. The approach and interests of the victims' negotiators

Comment:  Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:

“In this research, we have provided an in-depth look at the perspectives of both attackers and victims of a ransomware attack. What we're essentially learning is that ransom, which is the number most research deals with, is not the number one in the ransomware ecosystem. Both cybercriminals and victims have many other financial issues and concerns when it comes to being attacked. It is remarkable how systematic these cybercriminals are in setting the ransom amount and negotiating. Nothing is random and everything is defined and planned according to factors. Notably, for victims, the "collateral cost" of ransomware is 7 times greater than the ransom they pay. Our message to the public is that building an adequate cyber defense in advance, and in particular a well-defined response plan to ransomware, can save organizations a lot of money.”

Ransomware through Numbers

For the first quarter of 2022, CPR divides the following numbers:

  • Globally, the weekly average of affected organizations is 1 in 53 - an increase of 24% on an annual basis (1 in 66 organizations in the first quarter of 1)
  • In the EMEA, the weekly average of affected organizations is 1 in 45 - an increase of 37% per year (1 in 62 organizations in the first quarter of 1)
  • In APAC, the weekly average of affected organizations is 1 in 44 - an increase of 37% per year (1 in 60 organizations in the first quarter of 1)
  • In Africa, the weekly average of affected organizations is 1 in 44 - an increase of 23% on an annual basis (1 in 54 organizations in the first quarter of 1)
  • In ANZ, the weekly average of affected organizations is 1 in 88 - an increase of 81% on an annual basis (1 in 160 organizations in the first quarter of 1)
  • In Asia, the weekly average of affected organizations is 1 in 24 - an increase of 54% on an annual basis (1 in 37 organizations in the first quarter of 1)
  • In Europe, the weekly average of affected organizations is 1 in 68 - an increase of 16% per year (1 in 80 organizations in the first quarter of 1)
  • In North America, the weekly average of affected organisms is 1 in 120 – none annually
  • In Latin America, the weekly average of affected organizations is 1 in 52 - a 25% increase on an annual basis (1 in 64 organizations in the first quarter of 1)

How to protect yourself from Ransomware

Powerful data backup. The purpose of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to its data. A powerful, secure data backup solution is an effective way to mitigate the impact of a ransomware attack.

Cyber ​​awareness training. Phishing emails are one of the most popular ways to spread ransomware malware. Tricking a user into doing to a link or to open a malicious attachment, cybercriminals can gain access to the employee's computer and begin the process of installing and running ransomware on it. Frequent awareness training on in cyberspace is vital to protecting the organization from ransomware.

Powerful, secure user authentication. Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical of an organization's cyber security strategy.

Patch updates. Keeping computers up-to-date and implementing security patches, especially critical ones, can help reduce an organization's vulnerability to ransomware attacks.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

ransomware

ransomware, ransomware attack, ransomware ελλαδα, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

One Comment

Leave a Reply

  1. The text is full of syntax errors, obviously due to the automatic translation by translate and it is not the first time. If you spent 15 minutes with the article after the automatic translation it would be more understandable and more relaxing for the reader.

    Απάντηση

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).