The fact should be well-known by now that ransomware attacks can lead to extremely unpleasant consequences for affected companies. Yet only few people know that Trojans have already threatened the existence of some enterprises or even drove them into bankruptcy. This article will highlight possible worst-case scenarios of a ransomware attack by an encryption virus.
It must be the ultimate nightmare for every enterprise: an employee is catching an encryption virus upon his computer. Subsequently, it won’t take long before bugs like the Trojan encryption virus has spread throughout the whole company’s network.
A similar case occurred to the biggest ocean carrier for container shipping worldwide: A. P. Møller Maersk. As the Danish group of companies communicated on Twitter they had to undergo a massive global breakdown of their IT systems.
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
— Maersk (@Maersk) June 27, 2017
According to the German Federal Office for Information Security BSI (= Bundesamt für Sicherheit in der Informationstechnik) that malware was the Cryptotrojan Petya. A. P. Møller Maersk reacted immediately with a partial shutdown of complete systems. This became necessary as the responsible people feared that the attack would have an impact on the navigating systems of the container ships and their safety would be endangered by the Cryptotrojan. Although the exact economic damage yet needs to be evaluated, the multi-day system outage will most likely have caused very high costs.
Ransomware attacks: which costs arise from an infection with a Cryptotrojan?
Experts estimate the average downtime caused by a Cryptotrojan attack lasts between 9 to 16 hours (see “Second Annual State of Ransomware Report”). For big enterprises like A.P. Møller Maersk, such outage times can quickly sum up to several million Euros of damage, but also smaller companies can suffer immensely from those consequences. All in all, several cost factors play a role for restoring the operational systems and removing the Cryptotrojan.
First of all, it is the loss of data arising if the affected company did not carry out regular backups in the past or made no backups at all. Editors of the study “Cost of Data Breach” estimated an average amount of 325 Euros for each data record getting lost by a ransomware attack. Thinking about thousands of lost records one can easily imagine the possible cost level for such a huge data loss.
In addition there are costs for analyzing the dimension of the attack. Above all, it has to be examined which units and data had been encrypted by which type of Cryptotrojan. Companies often consult teams of IT experts for an extensive research that may last some days. The costs for this external service can easily shoot up to five-digit amounts.
Additional costs may arise e.g. for lawyers and courts, public relation work and data recovering. Penalties shall be paid to regularity authorities as well as hours of overtime for the employees. Experts have determined an approximate benchmark for hospitals which had also been targeted by a Cryptotrojan. Only within the first week of the attack, the estimated cost level for the damage could amount to values between 630,000 Euros and 1.3 million. Of course, the exact damage sum will just depend on the hospital’s size and the availability of backups.
One-fifth of all enterprises declare insolvency after a Cryptotrojan attack
A ransomware attack may lead to a variety of possible effects for the companies concerned. Although most firms follow the experts’ advice not to pay the ransom demanded by hackers, there will be a number of negative consequences – no matter which decision might have been made.
According to an article on the IT platform “Gulli” 20 percent of the companies being targeted by a Cryptotrojan had to stop all operations temporarily. Further 15 % suffered considerable loss of sales. Also 25 % of the companies were not able to identify the gateway. Therefore, the bug could easily spread over the complete network.
Only correct prevention can avoid trouble
If bugs like a Cryptotrojan have once entered the company’s network, it would both be expensive and costly to restore the contaminated systems. The negative effects of a ransomware attack can only be avoided by adequate preventive measures. That’s why Hornetsecurity Advanced Threat Protection provides a whole bundle of safety mechanisms to protect against all types of selected attacks as well as malware.