The True Cost of Ransomware
- By Dawna M. Roberts
- Published: Jul 01, 2021
- Last Updated: Mar 18, 2022
You can’t open a newspaper or watch the daily news without hearing about another ransomware attack. The ransom figures have skyrocketed in only a few short months from thousands to millions. However, along with the payment of a ransom to safeguard data or unlock files, other hidden costs come with this trendy crime.
Heartland College and Cybersecurity
On October 5, 2020, Heartland Community College in Illinois experienced a cybersecurity attack. The incident locked more than 120 servers on campus and crippled computer systems. In the wake of that attack, the college has taken a hard-lined approach towards cybersecurity but not without paying a hefty price tag.
According to NDRdaily, “In a report to college trustees Tuesday, Heartland officials said the college has “made great strides toward adding to existing security efforts and enhancing those already in place.” Trustees also received the latest accounting of costs related to the attack.
- $190,000 to implement a new backup system (planned before the attack but moved up).
- $60,000 additional security enhancements.
- $250,000 expenses tied to recovery to date (most of which would be reimbursed by insurance).”
President of the college, Keith Cornille, pledges to spend an additional $1 million over the next year to improve the college’s IT systems even further. He implied that it might be an ongoing annual budget item for the foreseeable future.
“For years to come, we’re going to have to constantly think about this as a maintenance of effort just as we do with our heating systems and our other systems throughout the college,” said Cornille. “The key is to be as proactive as we can and mitigate the potential for future attacks through new systems with regard to filters for email systems that catch things quicker. More security with our hardware so we can identify exposures. The idea of working with external partners to continually scan our systems for opportunities that we may be seeing so we can get in there and fix them are all things that we will probably always do.”
Some additional impacts of the incident include creating a full-time cybersecurity position on staff to monitor networks and continually update systems to avoid any further intrusions.
Other changes include regular password resets for both faculty and students. In addition, the college has instituted MFA (multi-factor authentication) when students or staff use email and other resources on the network to prevent any unauthorized access.
Other Hidden Costs of Ransomware Attacks
On the surface, the ransom paid seems like the only cost of ransomware, but there are many other hidden costs as well.
Along with the vast expense of improving cybersecurity systems, hardware, and software, there is also the cost of insurance to protect against future attacks.
Lost time is another huge factor. Depending on the severity of the attack, a company may have to halt operations completely, costing huge profits to evaporate overnight. According to Acronis Security Solutions, “Nearly 3 out of 4 companies infected with ransomware suffer two days or more without access to their files.”
When ransomware affects healthcare organizations, it can even cost lives as healthcare workers struggle to provide care without access to files or equipment.
In the case of Colonial Pipeline and JBS Meats, supply chain interruptions can affect millions of vendors and customers in a variety of adverse ways.
The ransom figure itself has ballooned over the past year, and even smaller organizations typically lose an average of $713,000 per incident in ransom, damages, and clean-up expenses.
As a final warning to even the smallest businesses that believe they are invisible to ransomware gangs is, “71% of companies targeted by ransomware attacks have actually been infected, and half of successful ransomware attacks infect at least 20 computers in the company.”
