
Understanding the cost of ransomware attacks and a guide to preparing your clients

February 2, 2024

In today’s ever-evolving and tech-forward world, cyberthreats are an unfortunate reality. Cybercrime impacts businesses regardless of their size, industry focus or cybersecurity budget. These threats are increasingly complex as cybercriminals deploy new and sophisticated tactics to exploit business networks for financial gain.

One common and damaging way cybercriminals target businesses is through ransomware attacks, which are among the most costly cyberthreats faced by organizations, totaling an average of more than $4.5 million in losses per incident (not including the actual ransom payment).

What’s worse, the threat of ransomware is ever-present, with a staggering surge of these attacks by 240% in the last decade. [1]

Given the dramatic increase in the number of ransomware attacks over the past decade, understanding and mitigating this threat is essential.

While many organizations understand the importance of preparing for attacks such as these, few understand the mechanics of ransomware attacks and the true extent of the damage they can cause.

View the infographic: A guide to guarding against and responding to ransomware attacks

What are ransomware attacks?

Ransomware refers to a type of malware that gains access to and encrypts a victim’s systems, devices or files, locking users out of their own networks. Once inside, the attacker then demands a ransom, often in the form of digital currency, for the victim to regain access to their data or systems. If the demands are not met, the encrypted files remain unavailable, or data may be deleted. [3] In more sophisticated schemes, attackers may exfiltrate data before locking systems, allowing them to extort even more from companies by threatening to disclose or sell their data if they don’t pay.

How are ransomware attacks deployed?

Indiscriminately targeting businesses of all sizes and operations, cybercriminals can infect a business network with ransomware in a variety of ways, including tricking users into clicking malicious links in an email (i.e., phishing scams), downloading a corrupted file, taking advantage of poorly secured network ports or using “wormable” forms of ransomware that exploit network vulnerabilities. Victims are targeted through two types of campaigns [4]:

Opportunistic ransomware campaigns: Cybercriminals cast a wide net to gain access to a business’s system. In these campaigns, ransomware attacks are mostly automated and are primarily spread through user-initiated actions. For instance, an employee could unknowingly open a malicious attachment in an email or visit a compromised website.

Strategic ransomware campaigns: Cybercriminals select a target or group of targets. In these campaigns, ransomware attacks are not as automated and are instead based on a victim’s profile. Strategic ransomware campaigns target victims based on their reliance on computer systems, the sophistication of their network protections and whether or not the victim is believed to have the means to pay the ransom. These higher-effort campaigns generally result in much better payouts for criminals.

Ransomware attacks are constantly evolving, and it’s easier than ever to conduct these attacks. This makes ransomware protection a critical aspect of cybersecurity. Understanding how ransomware works and the common deployment techniques can help organizations better protect themselves from these cyberthreats.

How businesses can protect themselves

The best defense against a ransomware attack? Prevention and preparedness. Key components include adopting a culture that prioritizes cybersecurity while investing in advanced technologies.

To protect their operations, businesses should consider the following strategies recommended by the Cybersecurity and Infrastructure Security Agency (CISA) [8]:

  • Train employees on the different kinds of ransomware and what to look out for; employees should know how to spot potentially malicious links, attachments and websites, and understand how to report issues to their IT department
  • Create a data backup and recovery plan for all critical information
  • Block malicious IP addresses using firewalls
  • Use application whitelisting to execute only programs known to be safe
  • Patch networks and update systems regularly; vulnerable applications and operating systems are the targets of most attacks, and patching them reduces the number of entry points available to an attacker; businesses should also ensure that antivirus software is up to date and that they use strong spam filters to prevent malicious emails from reaching end users
  • Restrict employees’ ability to install and run potentially malicious software; employees should be able to access only the systems required for their roles, so that no one has access to more data than they need, which helps businesses contain an attack more quickly should one occur

Additionally, having a well-planned incident response plan for ransomware and other cyberattacks is not just recommended, but crucial. Plans should account for employee training and drills to ensure that staff members understand what to do in the event of a cyberthreat. They should also include clear communication strategies so that key stakeholders can disseminate critical information during emergencies, especially while computer systems are compromised, and they should be reviewed regularly to ensure they account for the latest threats.

As you work with clients to consider securing a cyber insurance policy, share this infographic, which outlines a ransomware attack scenario with suggestions to prevent such incidents and summarizes the associated cyber insurance claims process.