victim costs 7 times higher than ransoms paid

Searching for checkpoints (CPR), the Threat Intelligence division of Check Point Software Technologies, has shared new insights into the economy related to Ransomware after further analyzing the Conti Group leaks and various ransomware victim datasets.

The ransom paid by the victim is a small part of the expenses caused by a ransomware attack, as CPR believes that the the total cost is 7 times higher.

Cybercriminals demand a sum corresponding to the annual income of the victim, which varies 0.7% to 5%. The duration of a ransomware attack has decreased significantly from 15 days to 9 days in 2021.

Check Point Research also noted that ransomware groups have ground rules for successful trading, influencing the trading process and dynamics.

CPR's research aimed to explore both sides of a ransomware attack: the victims and the cybercriminals.

Searching for checkpoints

A dataset is linked to Kovrr's Cyber ​​Incidents Database, which contains up-to-date information on cyber events and their financial impact; while the second set of data relates to leaks from the Conti Group.


    Top Check Point Research Findings

    1. Parallel cost. The ransom paid is only a small part of the cost of the ransomware attack for the victim. Check Point Research estimates that the total cost is 7 times greater than what it pays to cybercriminals, and consists of response and collection costs, court costs, follow-up costs.
    2. Well-considered sum of the ransom. The amount of money required depends on the victim's income and varies between 0.7% and 5% of annual income. Although the higher the annual income of the victim, the lower the percentage of income required will be, since this percentage represents a higher numerical value in dollars.
    3. Attack duration. According to analysis by Check Point Research, duration has decreased significantly in 2021, from 15 days to 9 days.
    4. Basic rules of trading. Ransomware groups adhere to clear rules for successful negotiation with victims, influencing the process and dynamics:
      1. Accurate estimate of the financial situation of the victim
      2. Quality of the data exfiltrated by the victim
      3. The reputation of the ransomware group
      4. Existence of cyber insurance
      5. The approach and interests of victims' negotiators

    The ransomware phenomenon in numbers

    Searching for checkpoints

    For the first quarter of 2022, Check Point Research shared the following data.

    • Globally, the weekly average of affected organizations is 1 of 53: a 24% increase compared to the previous year (1 in 66 organizations in Q1 2021).
    • In EMEAthe weekly average is 1 in 45: a 37% increase compared to the previous year (1 organization out of 62 in Q1 2021).
    • In Europethe weekly average of affected organisms is 1 in 68: a 16% increase compared to the previous year (1 in 80 organizations in Q1 2021).
    • In Asiathe weekly average is 1 of 24: a 54% increase compared to the previous year (1 organization out of 37 in Q1 2021).
    • In Asia-Pacific, the weekly average of impacted organizations is 1 in 44, an increase of 37% year-on-year (1 in 60 organizations in Q1 2021).
    • In Africa, the weekly average is 1 in 44 – a 23% increase over the previous year (1 in 54 organizations in Q1 2021).
    • In ANZ, the weekly average of affected organizations is 1 in 88, an increase of 81% on the previous year (1 in 160 organizations in Q1 2021).
    • In North America, the weekly average is 1 in 120 - no change from the previous year.
    • In Latin America, the weekly average of affected organizations is 1 in 52: a 25% increase over the previous year (1 in 64 organizations in the first quarter of 2021).

    How to protect against ransomware, advice from Check Point Software

    1. A data backup plan. The aim of the ransomware is to force the victim to pay a ransom to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust and secure data backup solution is an effective way to limit the impact of a ransomware attack.
    2. Cyber ​​awareness training. the Phishing is one of the most popular ways to stream malware with ransom. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals can gain access to the employee's computer and begin the process of installing and running the ransomware program on it. Frequent cybersecurity awareness training is essential to protect your organization against ransomware.
    3. Strong and secure user authentication. Enforcing a strong password policy, using multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all essential parts of a company's cybersecurity strategy. organization.
    4. Patch update. Keeping computers up to date and applying security patches, especially critical ones, can help limit an organization's vulnerability to ransomware attacks.

    Check Point Software Commentary

    Sergei ChykevichThreat Intelligence Group Manager at Check Point Software, said: "In this research, we looked at both the perspectives of attackers and victims of a ransomware attack. We understand that the paid ransom, which is the most sought after data, is not a key figure in the ransomware landscape.

    Cybercriminals and victims appreciate many other aspects and financial details.

    It should be noted how systematic the attackers are in defining the amount of money demanded and in negotiating. Nothing is random and everything is defined and planned according to the factors we have described.

    It should be noted that for victims, the “parallel cost” of ransomware is 7 times higher than the ransom they pay. Our advice is to have adequate cyber defenses in place in advance, especially a well-defined response plan to ransomware attacks, can save organizations a lot of money.".

    Read all our cybersecurity articles

    Leave a Reply

    Your email address will not be published.

    Go up