Ransom payments are just a small percentage of the total costs victim organizations can expect to pay after a serious breach, according to new research from Check Point.
The security vendor analyzed information gleaned from the Conti leaks and ransomware victim data sets from risk quantification firm Kovrr to better understand the impact of attacks.
According to the research, threat actors typically demand a ransom between 0.7% and 5% of the target’s annual revenue. The percentage is usually lower for organizations with large revenues.
Interestingly, the ransom itself is just a small component of the total cost of a ransomware breach. Check Point estimated the total cost to be seven times higher than the ransom, thanks to threat response, investigation and remediation, legal fees, monitoring and other charges.
Factors affecting the negotiations include the quality of the data exfiltrated from the victim, whether they have cyber-insurance, how accurate the estimate of their revenue is and the interests of victim negotiators, the report noted.
Check Point claimed the weekly average of organizations impacted by ransomware surged by 24% year-on-year in the first quarter of 2022 to one in 53 enterprises.
It also said the “duration” of ransomware attacks had declined significantly, from 15 to nine days, although it’s not clear whether this refers to dwell time or the total duration of an attack from initial access to remediation.
A recent Splunk report claimed that the average time it takes ransomware to encrypt 100,000 files is now just 43 minutes, and that some strains, such as LockBit, take only four minutes.
“The key learning is that the paid ransom, which is the number most researchers deal with, is not a key number in the ransomware ecosystem. Both cybercriminals and victims have many other financial aspects and considerations around the attack,” argued Sergey Shykevich, threat intelligence group manager at Check Point.
“It’s remarkable just how systematic these cyber-criminals are in defining the ransom number and in the negotiation. Nothing is casual and everything is defined and planned according to factors that we’ve described. Our message to the public is that building in advance proper cyber defenses, especially a well-defined response plan to ransomware attacks, can save a lot of money for organizations.”
According to separate research, the average ransom payment in Q4 2021 stood at $322,168. IBM, meanwhile, puts the average cost of a ransomware attack at $4.6m, higher than the $4.2m average for regular breaches.