Unintended Consequences of Ransomware

This blog was authored by my colleague Mark Shaffer – Cybersecurity Controls Manager, Financial Institutions.

In December of 2021, the Office of the Comptroller of the Currency (OCC) stated that all Financial Institutions must have ‘robust’ systems to identify threats and vulnerabilities in their technology. The OCC further stated that Financial Institutions should back up key systems and records in isolation to guard against hackers looking to disrupt systems for payout.

This is in response to the huge growth in malicious threat actors conducting ransomware attacks at Financial Institutions throughout the United States. In fact, according to the Carnegie Endowment for International Peace, there were over 50 phishing-based cyberattacks directed at Financial Institutions in 2021. Then, in March of 2022, CISA reported that the Russian state-backed hacker group within the GRU (the Russian military intelligence organization) had released new malware that can lead to complete network compromise. Further regulatory statements released in March include “all Financial Institutions, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant.”

Intended consequences of a ransomware attack range from lost revenue due to downtime and the expensive recovery costs of decrypting the victim’s now-encrypted data to disruptions that damage a Financial Institution’s ability to deliver value to the end consumer.

With the average cost of a data breach involving ransomware in the US reaching $4.62M (*IBM), many unprepared businesses are never able to fully recover or to continue operating following a ransomware breach.

In today’s volatile cyber environment, we have seen staggering numbers associated with the known impacts of a ransomware attack, including:

  • 287 days is the average length of time to identify and contain a data breach
  • Data breach costs rose from $3.86 million to $4.62 million, the highest average total cost in history
  • The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach

However, it is often the unintended consequences that impact the organization the most during and after a ransomware breach.

These include:

  • Operational Impacts
  • Market Reputation/Brand
  • Downstream financial impacts 
  • Data efficacy and legal impacts
     

Operational Impacts

A ransomware attack will severely affect the operating capability of organizations. Even for organizations that are well prepared with functional data back-ups, restoring affected systems could take days. Worse, organizations that are not prepared, or whose back-ups have been compromised during the attack, could take weeks to return to full operating capacity. In the process of recovering their data, some have seen their operational services come to a complete stop.

Market Reputation/Brand

Suffering a data breach or a ransomware attack may adversely affect the market reputation of an organization. Some customers may view a successful attack as an indication of weak security practices, or may be so severely impacted by a service disruption that they choose another provider, often a direct competitor.

Downstream Financial Impacts 

In addition to the loss of revenue an organization may suffer, there are other financial impacts, some obvious and some not. Obvious financial impacts include the price of the ransom payment (if paid); the expense to remediate the incident, including new hardware, software, and incident response services; insurance deductibles; attorney fees and litigation; and public relations. Other, less obvious financial impacts may include insurance premium increases, devaluation of reputation, and loss of intellectual property.

Data Efficacy and Legal Effects

During a ransomware attack, a malicious actor will encrypt numerous files, making them, and often the systems that rely on them, unusable. If a ransom is not paid, these encrypted files are often permanently locked, requiring the organization to regenerate the information, if it can. However, even if a ransom is paid, there is no guarantee that a threat actor will provide a decryption key. Moreover, even if a key is provided, it is still possible that the ransomware attack causes significant destructive damage to data and data repositories, which may require rebuilding the affected systems anyway. Additional legal impacts can result when the threat actor has stolen trade secrets, proprietary information, or any Personally Identifiable Information (PII); the loss of this data could spur legal action or lead to the loss of a competitive advantage.

Cybercrime groups often stress that they are apolitical and motivated solely by financial gain, but the effects of cyber-attacks are becoming increasingly difficult to predict and control. The reason for this is interconnectivity and easier access to more sophisticated tools. We live in a digitized world which is so interlinked that an attack on one host can have far-reaching and unknown consequences, resulting in cyber threats against other countries or companies around the world.

Ransomware is no longer a human problem. An organization’s entire resilience and recovery depend on machine-speed responses to machine-speed attacks. As such, solutions like Machine Learning, network segmentation, defined Business Continuity Planning/Testing and Artificial Intelligence technology prove critical in tackling the volatility and speed of the threats of today, and of tomorrow.

How Can We Help?

CLA’s IT and Cybersecurity team can help with remediation efforts, aid in the understanding of your organization’s overall attack surface, and help you to understand whether the controls that are in place are properly mitigating risk from that attack surface. We have experienced professionals who can help assess controls to prevent an attack or respond to an attack if one has occurred.

  • 410-308-8153

Brittany has more than twelve years of experience and specializes in providing audit and accounting services to financial institutions. In addition to planning, managing and performing financial statement audits for institutions ranging in total assets from $10 million to $50 billion, she has performed engagements designed to test the adequacy of loan documentation and reserves, adherence to internal control policies, outsourced internal audit, and consulting engagements for various compliance requirements.