Cybercriminals are continuing to target businesses globally through ransomware attacks. It is estimated that by 2021, a ransomware attack will take place every 11 seconds. As ransomware continues to become more widespread, businesses will need to reassess their cybersecurity strategy. It is vital to assess the impact of ransomware attacks on business operations and focus on prevention to mitigate the risks.
How Do Ransomware Attacks Occur
Ransomware is a form of malicious software targeted at various types of organisations and designed to restrict employees from accessing their computers or files and data stored on computers. Hackers and cybercriminals use ransomware to illegally take control of business systems and data in exchange for money or cryptocurrency.
It is believed that the first ransomware prototype originated in 1989, designed as a Trojan prototype attack on 20,000 compromised diskettes. The Trojan worked by encrypting file names on a customer's computer and restricting access to directories. Those who were affected were asked to pay $189 to a mailbox in Panama.
Since then, ransomware attacks have evolved in magnitude and continue to target organisations regardless of size and location. The U.S. Department of Justice defines ransomware as a new model of cybercrime with the potential to cause an impact on a global scale.
Impact on Organisations
Ransomware attacks can cause extensive downtime and loss of revenue. As witnessed across many industries globally, including local authorities, global manufacturing, logistics, healthcare providers, higher education and financial services. Below are some of the devastating consequences of ransomware attacks on businesses:
Disruption to Business Operations
Ransomware blocks access to critical files and data with hackers demanding that businesses pay up to regain access. At the outset, the loss of customer data and business applications are affected which are critical for business continuity. Without access to either, operations are severely affected, leading to disruption to service and unhappy customers.
When the cyberattack has subsided, recovery from backup and restoring encrypted systems is possible. However, research by Intermedia indicates that nearly three out of four companies infected with ransomware suffer two days or more without access to their files. Around 30% go five days or longer without access.
The up-front costs of paying a ransom to cybercriminals, which many organisations end up doing, causes a massive burden on businesses financially. It is estimated that malware operators such as Ryuk ransomware demand an average of £220,000 for the release of systems, compared to the £7,000 average price demanded by criminal gangs. Some cybercriminals also ask for the ransom to be paid in cryptocurrency such as bitcoin. Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021.
Businesses also need to account for the costs incurred in the recovery and restoration of business operations.
Many of the recent ransomware attacks have targeted high-profile organisations. These organisations were left with no choice but to reveal to customers and the public that they suffered a ransomware attack and information breach. Such public admission can often result in loss of trust from customers, investors and stakeholders. Reputational damage can also impact company stock price, business longevity, client retention and new business.
Notable Ransomware Attacks
WannaCry ransomware attack is a global cyberattack that began in May 2017 targeting vulnerabilities in the Microsoft Windows operating system. Access to user files was restricted in exchange for a Bitcoin ransom. The WannaCry ransomware attack affected around 230,000 computers globally. A third of NHS hospital trusts and surgeries were impacted by the ransomware attack. It is estimated to have cost the NHS £92M with 19,000 appointments cancelled as a result of the attack. Globally, this cybercrime is estimated to have cost $4 billion in losses.
Various Organisations Across the US
Between 2016 and 2020, many governmental and transport bodies across the US suffered from ransomware attacks:
- Hollywood Presbyterian Medical Centre suffered a ransomware attack in February 2016. It led to shutting down of several departments and patients diverted to other medical centres while staff recorded registrations and logins using paper and fax. The medical centre ended up paying a ransom of 40 bitcoins, then worth $17,000.
- In 2016, San Francisco transport system was targeted by a ransomware attack affecting 2,000 computers. The attack did not impact the rail and bus network. It did, however, take down ticketing machines and servers resulting in passengers unable to buy tickets and enjoying free train and bus rides. Hackers demanded 100 bitcoins worth $70,000 which was never paid out.
- In March 2018, Atlanta City discovered ransomware had affected several customer-facing systems including billing systems. The hackers demanded a ransom of $51,000 which was not paid. It is estimated that it took Atlanta City $17M to make a full recovery.
- In June 2019, two Florida City governments fell victim to ransomware attacks that locked down their IT systems. Riviera Beach paid a ransom of $61,000 in bitcoin while Lake City paid $460,000 to the attackers.
- In February 2020, La Salle County's governmental offices were hit by a ransomware attack, affecting email accounts, limited access to files and leaving many county services resorting to run the old-fashioned way - by pen and paper. The county declined to pay the ransom, but recovery is expected to cost $500,000, including $66,250 on new equipment.
- In June 2020, The University of California San Francisco (UCSF) suffered a devastating ransomware attack targeting a limited number of servers within the School of Medicine. It is believed that UCSF agreed to pay a portion of the ransom, approximately $1.14M, in exchange for a decryption tool to unlock the encrypted data.
In March 2019, global aluminium maker Norsk Hydro was hit by a devastating ransomware attack. The attack affected over 22,000 computers across 170 office locations in 40 countries. Norsk Hydro refused to pay the hackers and have since spent over £45M in recovery and repair of systems.
Blackbaud Data Breach
In 2020, US cloud software supplier, Blackbaud, managed to prevent an attempted ransomware attack. However, the hackers were able to copy a large subset of customer data which they then offered to delete for an undisclosed ransom. Blackbaud paid the ransom to delete the information and received confirmation that the data was destroyed. Since then, more than 120 educational and third-sector organisations, including many UK universities and the National Trust, have come forward to reveal that their data was compromised in the attack.