Ransomware costs more than just ransomware!

In 2020, we saw a sharp increase in ransomware. This is partly due to the reduced security of working from home a lot. For cybercriminals, this is right up their alley and they apparently make a good living from it. Those who are hacked once and see data encrypted face hefty costs. Or at least the dilemma: do I pay the ransom or not? What are measures worth relative to cost? In Amsterdam and other large cities, it is sometimes jokingly said that your lock should be more expensive than your bike. To add a nuance in “our” case: it’s not just about what the bike is worth, but the freedom to get on the bike and go somewhere. If you lose 5,000 euros because you missed an appointment because your bike was stolen, an expensive lock is well worth the bike.

More than ransom

When it comes to ransomware, you can’t just think about the ransom you might have to pay. There are more costs involved in a hack. You could easily list five points where the money counter starts running in the case of ransomware.

1. Downtime

As long as your data is encrypted, you can’t work. Your business or organization is at a standstill. In the best case, you can get back on track after a few days, but on average it takes 25 days for a company or organization to be up-and-running again. A U.S. study found that the cost of downtime is 23 times the ransom of the ransomware itself, due to lost revenue. You lose new customers. Existing customers cancel their orders because you can’t deliver. And you lose money through service contracts and the like. Even if you pay the ransom immediately and actually get your data back, you will face these downtime costs.

2. Double extortion

Especially in Europe, it is common for a hacker to not only encrypt the data and charge a ransom for the encryption, but also for the promise that the data will not be made public. A sore point for many companies. First, a company suffers reputational damage in the event of a data breach. Second, if such a data breach occurs, the Personal Data Authority is immediately on your doorstep with yet another fine. And third, angry customers.

And on

There are other costs involved in ransomware. What is already clear is that the bill is a multiple of the ransom itself. In our next blog, we’ll take a closer look at those costs, and count on that bill going up further.