The security industry has been aware of the threat that ransomware variants of malware pose. However, this week everyone got another look at exactly how costly a ransomware attack can be.
Earlier this year the Hollywood Presbyterian Medical Center found its network essentially shut down by a ransomware attack. It was bad enough that patients were diverted to other hospitals and staff had to rely on phone calls and fax machines to get the work done that would normally be handled by computers.
The price the attackers want to give HPMC its network back? $3.6 million.
That number gets to the root of one of the real problems with how everyone’s talking about cryptoware – we usually think of the cost on a per-machine basis. The general consensus is that the cost to decrypt a machine that’s been hijacked by ransomware is around $300-600. That’s not nothing – but it’s also not a number that is going to put most companies out of business.
$3.6 million is a different story.
Let’s take another look at the way the money side of ransomware works. Traditionally, the price tag attackers have put on unlocking a computer’s files has been around that $300 mark. The reason for that is pretty simple – it’s a number people are willing to pay on a regular basis. Ransomware’s a little different than a lot of other forms of malware. It doesn’t exist just as a troll – it exists to make money. It’s not unreasonable to think your average freelance graphic designer is going to scrape together a few hundred bucks to make sure their last five years of work doesn’t disappear.
However, your company probably has more than one machine. If ransomware makes its way through your whole network, you’re looking at the possibility of paying that $300 for each one of them. You may be able to afford $300 for one machine, but can you cover the bill for 100 of them?
Also, keep in mind that we’re still relatively early into the life cycle of ransomware. As security measures get stronger and more criminals work to get a piece of the action, we’re likely to see the ransoms involved increase. (For someone running a ransomware operation, fewer infected machines means fewer chances to profit, so the only way to make up for that is to push the profitability of each infection higher.)
There’s a good chance that when the industry talks about ransomware, we’ll keep saying ransoms are around $500 to unlock one machine. That’s not the number your company needs to worry about, though. The Hollywood Presbyterian Medical Center would have been happy to pay $300 per machine. When you’re thinking about defending against ransomware, don’t do your cost/benefit analysis based on a few hundred bucks.
If your options are losing all your files and firing up your old fax machine, paying $3.6 million, or putting together a comprehensive security plan beforehand, what makes the most sense for your business?