It should be well known by now that ransomware attacks can lead to extremely unpleasant consequences for affected companies. Yet few people know that Trojans have already threatened the existence of some enterprises or even driven them into bankruptcy. This article highlights possible worst-case scenarios of a ransomware attack by an encryption virus.
It must be the ultimate nightmare for every enterprise: an employee's computer is infected with an encryption virus. It does not take long before the encryption Trojan has spread throughout the whole company network. A similar case hit the biggest ocean carrier for container shipping worldwide: A. P. Møller Maersk. As the Danish group of companies communicated on Twitter, it had to undergo a massive global breakdown of its IT systems.
According to the German Federal Office for Information Security BSI (Bundesamt für Sicherheit in der Informationstechnik), that malware was the Cryptotrojan Petya. A. P. Møller Maersk reacted immediately with a partial shutdown of complete systems. This became necessary because those responsible feared that the attack would affect the navigation systems of the container ships and that the Cryptotrojan would endanger their safety. Although the exact economic damage has yet to be evaluated, the multi-day system outage will most likely have caused very high costs.
Ransomware attacks: which costs arise from an infection with a Cryptotrojan?
Experts estimate that the average downtime caused by a Cryptotrojan attack lasts between 9 and 16 hours (see “Second Annual State of Ransomware Report”). For big enterprises like A. P. Møller Maersk, such outage times can quickly add up to several million Euros of damage, but smaller companies can also suffer immensely from the consequences. All in all, several cost factors play a role in restoring the operational systems and removing the Cryptotrojan.
First of all, there is the loss of data that arises if the affected company did not carry out regular backups in the past or made no backups at all. The editors of the study “Cost of Data Breach” estimated an average amount of 325 Euros for each data record lost in a ransomware attack. With thousands of lost records, one can easily imagine the possible cost level of such a huge data loss.
In addition, there are costs for analyzing the extent of the attack. Above all, it has to be examined which units and data were encrypted by which type of Cryptotrojan. Companies often consult teams of IT experts for an extensive investigation that may last several days. The costs for this external service can easily shoot up to five-digit amounts. Additional costs may arise, for example, for lawyers and courts, public relations work and data recovery. Penalties have to be paid to regulatory authorities, as do hours of overtime for the employees.
Experts have determined an approximate benchmark for hospitals, which have also been targeted by a Cryptotrojan. Within the first week of the attack alone, the estimated cost of the damage could amount to between 630,000 Euros and 1.3 million. Of course, the exact damage sum depends on the hospital’s size and the availability of backups.
One-fifth of all enterprises declare insolvency after a Cryptotrojan attack
A ransomware attack may lead to a variety of possible effects for the companies concerned. Although most firms follow the experts’ advice not to pay the ransom demanded by hackers, there will be a number of negative consequences, no matter which decision is made. According to an article on the IT platform “Gulli”, 20 percent of the companies targeted by a Cryptotrojan had to stop all operations temporarily. A further 15 percent suffered a considerable loss of sales. In addition, 25 percent of the companies were not able to identify the gateway through which the malware entered. As a result, it could easily spread over the complete network.
Only correct prevention can avoid trouble
Once malware like a Cryptotrojan has entered the company’s network, restoring the contaminated systems is expensive. The negative effects of a ransomware attack can only be avoided by adequate preventive measures. That’s why Hornetsecurity Advanced Threat Protection provides a whole bundle of safety mechanisms to protect against all types of targeted attacks as well as malware.
The current wave of crypto-viruses is causing quite a stir. End users and companies alike are afraid that the data on their computers could be encrypted. A recent example shows that these concerns are not unfounded and that even entire administration departments can be paralyzed. But what security measures can companies and individuals use to protect themselves against malware? Daniel Hofmann has four tips that can greatly increase the protection of your own hardware:
Software updates: Every user and every company should be sure to keep their software up to date in order to minimize existing security vulnerabilities.
Protect access points: The two main gateways for malware are the internet and emails. Appropriate services such as spam and virus filters or Hornetsecurity’s Webfilter Service can close down these paths.
The users themselves: Each and every user shares responsibility for malware being able to penetrate via email. No one should completely rely on possible upstream services: each email should be critically checked to determine whether the sender is known or whether an order was actually placed, with the aim of detecting a fake invoice in the email attachment.
Backups: Users and companies should regularly back up their data, either to external storage devices or to cloud storage services such as Hornetdrive.
The last point needs to be discussed in more detail, because even with cloud storage services, encrypted files can be automatically synchronized and uploaded. If this happens, the file versioning function of storage services such as Hornetdrive helps: the user can continue to access unencrypted versions of the files. As they are securely stored in the Hornetdrive cloud, the CryptoLocker cannot access these old versions of the files. Old versions are only deleted if the number of versions in a drive is limited and there are too many versions of the respective file. With Hornetdrive, the desired number of versions for a drive can be set individually in the Client.
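The retention behaviour described above, as an added example that is not Hornetdrive code: a constructed in-memory version store with a version limit, plus a Shannon-entropy check that picks the newest version that does not look encrypted. The class and function names, the sample data and the 7.5 bits/byte threshold are assumptions for illustration.

```python
import hashlib
import math
from collections import deque

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits/byte; compressed files also score high

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

class VersionedFile:
    """Hypothetical model of one synced file with a per-drive version limit."""
    def __init__(self, max_versions: int):
        self.versions = deque(maxlen=max_versions)  # oldest version is evicted first
    def write(self, content: bytes) -> None:
        self.versions.append(content)

def latest_clean_version(vf: VersionedFile):
    """Newest stored version whose entropy is below the threshold, or None."""
    for content in reversed(vf.versions):
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            return content
    return None

# Constructed sample data: two plaintext revisions and a stand-in for ciphertext.
CLEAN_V1 = b"Invoice 1001: 12 containers, port of loading Hamburg.\n" * 40
CLEAN_V2 = b"Invoice 1001: 14 containers, port of loading Hamburg.\n" * 40

def fake_ciphertext(round_no: int) -> bytes:
    """4096 pseudo-random bytes from SHA-256, standing in for an encrypted file."""
    return b"".join(hashlib.sha256(b"%d:%d" % (round_no, i)).digest() for i in range(128))

def simulate(max_versions: int, encrypted_syncs: int):
    """Sync two clean revisions, then N encrypted overwrites; return what is recoverable."""
    vf = VersionedFile(max_versions)
    vf.write(CLEAN_V1)
    vf.write(CLEAN_V2)
    for round_no in range(encrypted_syncs):
        vf.write(fake_ciphertext(round_no))
    return latest_clean_version(vf)

if __name__ == "__main__":
    for limit, syncs in [(5, 3), (5, 5), (10, 5)]:
        print(limit, syncs, "recoverable" if simulate(limit, syncs) else "no clean version left")
```

With a limit of 5 versions, five encrypted syncs push both clean revisions out of the history, so the version limit has to exceed the number of overwrites that can occur before the infection is noticed.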