Ransomware cost US companies almost $21 billion in downtime in 2020
The victims lost an average of nine days to downtime and two-and-a-half months to investigations, an analysis of disclosed attacks shows
An analysis of 186
successful ransomware attacks against businesses in the United States in 2020
has shown that the companies lost almost US$21 billion due to attack-induced
downtime, according to technology website Comparitech. Compared to 2019, the number of disclosed
ransomware attacks skyrocketed by 245%.
“Our team sifted through
several different resources—specialist IT news, data breach reports, and state
reporting tools—to collate as much data as possible on ransomware attacks on US
businesses. We then applied data from studies on the cost of downtime to estimate
a range for the likely cost of ransomware attacks to businesses,” Comparitech
said, explaining its approach. However, it did concede that the figures may be
merely a scratch on the surface of the ransomware problem.
On average, the affected
companies lost nine days in downtime and it took them about two-and-a-half
months to investigate the attacks and their impact on the company’s data and
its systems. To put this into context, Comparitech estimates that, when combined,
ransomware attacks caused 340.5 days of downtime and a whopping 4,414 days of
investigation. However, the downtimes varied, ranging from recovery efforts
taking several months to minimal disruptions, especially thanks to solid
backup plans.
Cybercriminals usually
requested ransoms ranging from half a million dollars all the way up to US$21
million. Some attackers also upped the ante by carrying out double-extortion
attacks, where they pilfer data from the victims’ systems before going on to
encrypt them with ransomware … which would lead to embarrassment and stock
devaluation at best, and to huge regulation penalties at worst. With
researchers estimating that the average cost per minute of downtime is US$8,662
and adding in the reputational damage, it’s no wonder some companies are willing
to pay the ransoms as a way to fix the problem quickly. Based on the estimate, the cost of downtime to
American business was US$20.9 billion. The analysis also found that the
ransomware attacks resulted in over 7 million individual records being pilfered
and/or abused, an almost 800% increase compared to the previous years.
Additionally, the
researchers noted a shift in the targets of ransomware attacks. While
previously cybercriminals would target educational institutions and government
entities, during 2020 they shifted their focus towards businesses and
healthcare organizations. This could be chalked up to the pandemic since many
schools and governmental organizations were closed and their systems were down.
Meanwhile, healthcare providers had to power through in order to tend to
patients, and the pandemic forced a lot of businesses to transition to remote
work, probably making them easier targets to hack.
What about 2021?
Based on the trends and
events of this year, it is little wonder that Comparitech estimates the costs
to businesses will rise further. “If the second half of 2021 sees the same
number of attacks as the first half (91), 2021’s figures will be in line with
2020’s – over 180 individual ransomware attacks. However, with many attacks often
revealed weeks or months after they’ve happened, these figures are likely to
rise even higher over the coming months, suggesting 2021 will be a
record-breaking year for ransomware attacks on US businesses,” the company
warned.
To find out why ransomware
remains one of the top threats and how businesses can defend against it, we
suggest reading up on our recent white paper, Ransomware:
A criminal art of malicious code, pressure and manipulation.