Small But Deadly

Ransomware, that dirty corporate word. Why do we focus so much on it and why do we spend so much money to avoid it? Let's start with the big numbers and then talk about the small organizations.

In 2023 an unknown company paid out $75 million USD to the Dark Angels Ransomware group, and it is just now causing headlines. Discovered last month, this payout is the largest ever public ransomware payment, eclipsing the previous largest ransom of $40 million paid by an insurance company in 2021.

The positive is that although these figures make the news, they are far from normal numbers. According to Sophos the average payment in 2023 was just $400,000 USD.

But that number looks to be going up – in 2024 so far the average payment has been $2 million USD.

Here in Canada the average is thankfully much lower, at $1.13 million CAD, according to Shing Digital partner Palo Alto Networks, although when you figure in the entire cost of recovery the average increases to $5.13 million CAD.

But this raises the question of how much a small or medium business is likely to pay. As the majority of small businesses do not report their incidents, nor make the news, it is difficult to put a hard number to the ransomware average in Canada. Based on multiple consultants we were able to identify that small businesses pay between $30,000 and $650,000 on average. That is quite the spread, which makes it difficult to talk about the real “average”. However, here are more statistics which may be helpful:

46% of all cyber breaches impact businesses with fewer than 1,000 employees.

At 18%, malware is the most common type of cyberattack aimed at small businesses.

37% of companies hit by ransomware had fewer than 100 employees.

Small businesses receive the highest rate of targeted malicious emails at one in 323.

Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.

87% of small businesses have customer data that could be compromised in an attack.

      
What we do know for sure is that paying the ransom is just the beginning. Criminals, by their nature, are not trustworthy, and there is no guarantee that if you pay the money they’ll unlock your data or delete any data they stole.

According to Veeam, 33% of organizations which paid their ransom were still unable to recover their data.

Even after the data is recovered there is still a need to remediate the situation that allowed the attackers to get in.

It is also important to ensure the attacker didn’t leave a backdoor for themselves to re-enter the environment. According to some estimates, 78% of ransomware victims suffer repeat attacks.

Remediation is costly, and often requires significant downtime to core company systems. This leads to a situation in which the recovery costs can eclipse the cost of any actual ransom payout, with some estimates putting the cost of recovery at 10 times that of the ransom.

Depending on the industry, reputational damage can also come with the fallout from a ransomware attack, as can fines and sanctions for breaking regulatory requirements or allowing data to be leaked.

Additionally, it is estimated that in 94% of all ransomware cases in 2023 there was an attempt to compromise the company’s backups. Worse, in 57% of these cases, the attackers were successful!

So what can you do to protect yourself?

In addition to having a robust and secure environment kept up to date with the appropriate patches, keeping recent offsite backups which are not connected to any other systems will give you a baseline to which you can securely restore.

Cyber insurance is also important; however, it is not protection but rather a mitigation method.

Although insurance companies contributed in an estimated 83% of all cases, they only paid out 23% of total ransoms. This leaves a significant portion of the liability on the victim company itself, and doesn’t cover costs such as downtime, or other costs required for recovery.

Ultimately ransomware is a fact of life for businesses, and while there are no guarantees, the best way for any business to protect itself is to prepare itself and be ready.

Not sure where you stack up within the Cybersecurity risk level? Check out the following Cybersecurity Maturity Pyramid to identify where you are at and what you may still need to consider.

Author: Adam Macpherson

CS Controls Analyst
