Ransomware is Alive and Well…

Ransomware is alive and well…and coming to a device near you.

Why? It’s plain and simple, we make it profitable.  As long as we are willing to pay up, the cycle will continue. A lot of organizations, big and small, public and private, are paying ransoms to get back access to their own information.

Cyber-insurance is helping feed the beast. I’m not saying you don’t want it or need it, but like all insurance, it only pays out once the damage is done.  It never fully compensates for lost time for employees, access denied to your customers and potential impact of loss of future revenue, because of a hit to your organization’s reputation.   Also, it makes it easier to go ahead and pay ransoms, instead of investing in preventative and protective measures for your information.  And if your organization is a repeat offender, it may be harder and more expensive to get and keep Cyber-insurance.

Ransomware is nothing new and just being aware isn’t enough.  Organization’s need to take a proactive approach to fighting against, Ransomware, Crypto-jacking, etc..  Just hoping that your organization is not a target , is not a sound information security strategy.

Basic protection of your information does not have to be complex nor overly expensive.  The costs associated with a ransomware outbreak, pale in comparison to the costs of a proactive multi-layered defense-in-depth protection strategy.

  • Ransomware generates over $25 million in revenue for hackers each year. (Source: Business Insider)
  • More than half of ransoms were paid bitcoin.
  • The average ransom demand about $2,500 per incident.
  • Ten percent of all ransom demands are over $5,000. (Source: Datto)
  • Fewer than a third of organizations who pay the ransom receive all of their money back. (Source: Courant)
  •  The Better Business Bureau (BBB) says the annual loss to small business is around $80K on average. And the cost to the global economy for 2019 will hit more than $2 trillion.

Yes, ransomware is alive and well…but there are ways to dramatically reduce the risk and impact of an outbreak.  When it comes to information security/data protection, an ounce of prevention really is worth a pound of cure.