Tag Archive for: Costs

Compromised backups send ransomware recovery costs soaring


There’s a common misperception that to defeat ransomware attacks, organizations must simply back up their systems and data. Unfortunately, that’s not necessarily the case. Organizations must back up their systems and data, but they must also protect those backups as if their business survivability depended on it, because it likely does.

Consider a report from cybersecurity firm Sophos, published last month, revealing an alarming trend: Ransomware attackers increasingly target and compromise victims’ backups. And, in doing so, they are increasingly crippling the victim’s ability to recover maliciously encrypted files without having to pay the ransom demand.  

Based on a survey of nearly 3,000 organizations hit by ransomware in the past year, the study found that a staggering 94% of respondents reported attempts by cybercriminals to compromise their backups during the attack. In specific sectors such as state and local government as well as media and entertainment, this figure soared to 99%.

Attackers know that when potential victims can simply recover their systems and data from backups, the attacker loses their leverage. However, by successfully compromising backups, the script is flipped: Victims lose any leverage they may have. And this drives the costs of ransomware relatively high. Data from Sophos’s survey shows that organizations whose backups were compromised faced the following:

  • 63% higher rate of data encryption, 85% vs 52% if backups are not compromised.
  • More than double the median ransom demand at $2.3 million compared to $1 million if backups remain intact
  • 67% paid the ransom, compared to just 36% if backups were available
  • A median ransom payment of $2 million is nearly double the $1.062 million paid by those with secure backups

Backups are the start

There is good news here: Lots of organizations are backing up their data. That’s a great start in the successful recovery from a ransomware attack. The bad news is that not enough organizations are protecting these backups from attack. Sophos found that attackers have very high success rates in some industries. For instance, the success rate of energy utilities’ backup compromises reached 79%. However, in IT/technology…


Johnson Controls Ransomware Cleanup Costs Top $27M & Counting


Johnson Controls International (JCI) spent $27 million remediating a September 2023 ransomware attack on its systems — an attack that government officials warned at the time could threaten physical security.

According to a filing with the US Securities & Exchange Commission (SEC) this week, the building automation, HVAC, and fire protection giant uncovered the attack the weekend of Sept. 23, after receiving reports of system outages. It was a ransomware hit that locked up internal IT infrastructure and allowed assailants to exfiltrate company data.

The filing didn’t mention which gang JCI determined to be behind the cyberattack, but at the time researchers attributed it to Dark Angels using a custom VMware ESXi encryptor.

“The company implemented its incident management and response plan and business continuity plans, including implementing remediation measures to mitigate the impact of the incident and restore affected systems and functions,” JCI noted in the SEC filing, adding that the $27 million price tag for the effort takes into account cyber insurance payouts, and includes the cost of retaining outside cybersecurity specialists.

The filing noted that the investigation and remediation efforts remain ongoing, “including the analysis of data accessed, exfiltrated or otherwise impacted during the cybersecurity incident,” and expects to spend more on the recovery as a result.

Contrary to fears floated by the Department of Homeland Security after the attack, JCI also said that there is “no evidence of any impact to its digital products, services, and solutions including OpenBlue and Metasys,” referring to its smart-building and AI-enabled lines of business, which are often deployed in industrial settings and bring operational technology (OT) together with IT systems.


Rackspace Ransomware Costs Soar to Nearly $12M


Financial disclosures filed over the past year show that Rackspace Technology has continued to rack up expenses and losses following last year’s December ransomware attack on one of its hosted Microsoft Exchange servers. So far, the incident costs have soared well into eight figures.

Rackspace, a Texas-based cloud computing services provider that largely serves small and midsize businesses (SMBs), declined to comment for this story on its financial statements. On December 2, 2022, a ransomware attack disrupted email services for thousands of its SMB customers by way of the ProxyLogon zero-day vulnerability (CVE-2021-26855), which the company had not patched due to operational concerns with the update.

By March of this year, Rackspace ransomware-related expenses reached $3.2 million, including remediation costs, legal fees, and other professional services, according to its 10-Q report. A subsequent 10-Q filing with the Securities and Exchange Commission (SEC) reported that first quarter expenses related to the cybersecurity incident were $1.7 million, and the second quarter’s amounted to $4.9 million, putting the new total for expenses for recovery at $6.6 million.

Fast-forward to Rackspace Technology’s most recent 10-Q, and the company has added another $5 million to the tally, with the caveat that the company expects a cyber insurance payout of $5.4 million. But even with a full insurance check, Rackspace is still out at least $6 million in bills related to this single ransomware attack, according to its disclosures.

Beyond expenses, in an August financial disclosure, Rackspace reported that it had already incurred losses of more than $10.8 million related to the ransomware incident, and that it is named in multiple lawsuits following the compromise.

For a company as large as Rackspace, the costs of weathering this cyberattack are a tiny fraction of its overall business. According to its financials, despite the ransomware incident, there was still enough money in the company coffers to fund a total of $222 million in stock buy-backs through July of this year using $77 million in cash on hand.

Other companies victimized by ransomware attacks might not be as financially well positioned to…


Ransomware hit usually costs PH firm about $1M, says Fortinet


MANILA - A Philippine company usually spends about P55 million or about $1 million to resolve a single data breach and pay off ransom to regain system access, according to cybersecurity company Fortinet, as perpetrators are financially motivated to keep on launching cyberattacks.

Fortinet Philippines country manager Alan Reyes, in a press briefing on Thursday, said that the “financial gain is always there as a motivation for the people” to exploit corporate networks.

He said that the multi-million spending to recover data from ransomware — an attack that holds one entity’s data or system hostage until a ransom is paid — was the current “market price” companies are willing to pay.

However, Reyes stressed that paying off ransom does not guarantee absolute protection as perpetrators might just repeat the attack and demand money again.

According to the company’s “H1 2023 Global Threat Landscape” report, the daily number of cyber threats detected in the country during the second quarter was 17.7 million, an uptick from 15 million the previous quarter.


Broken down, most of the cyber threats are botnets, which can enable hackers to steal data, send spam and illegally obtain access to devices.

Reyes explained that the increase in cyberattacks could have been aided by artificial intelligence (AI), which can help threat actors in creating their exploits.

Noushin Shabab, senior security researcher of Kaspersky’s Global Research and Analysis Team in Asia Pacific, previously explained that AI could be used in lodging advanced persistent threats, a cyberattack that seeks to obtain unauthorized access into a computer network and tends to avoid detection for an extended period.


