KLC Consulting updates this briefing on the latest ransomware trends and risks, so check back often.
Trends
- 37% of companies experienced ransomware attacks; 32% paid the ransom to get the data back (Jan-Feb 2021) [1]
- 40% of reported ransomware attacks were in the U.S.; 29% of the victims recovered less than half of their data after paying a ransom [1]
- Successful ransomware attacks in 2021 have doubled compared with the same period in 2020 [1] (total ~65,000 in 2020 [2])
- Recent high-profile victims paid significant ransom demands, e.g., Colonial Pipeline: $4.4M [3]; JBS: $11M [3]; CNA Financial: $40M [4]
- Total average cost of recovery from a ransomware attack is close to $2M in 2021 [1] (Merck’s recovery from its 2017 attack: $1.3B [5])
- Double extortion – Victim’s customers & suppliers also received ransom demands in exchange for destroying their stolen data
Challenges
- Ransomware criminal ecosystems are getting more sophisticated and cheaper to operate
- Companies are usually not ready to respond to a ransomware attack; they lack a corporate incident response plan for ransomware
What Should A Company Do?
- Conduct an independent assessment by a third-party firm on Corporate Incident Response Readiness for Ransomware in IT, PR, Communication, Legal, Insurance, Law Enforcement, Leadership Team, and Staff Training
- Conduct an independent evaluation on your capability in ransom negotiation and payment initiation (if choosing to pay a ransom)
- Conduct emergency drills to test and improve the effectiveness of the cyber incident response plan
- Independently assess your IT’s capabilities in resiliency, prevention, detection, response, backup/recovery, and investigation