Keeper research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.
One of the most damaging myths about ransomware attacks is, “If your company does regular system backups, you don’t have to worry. Just restore from the backup.” While system backups are crucial — power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as a cyberattack — they’re not a silver bullet. Recovering from a ransomware attack involves more than restoring systems and data.
What does ransomware recovery really look like? To find out, Keeper Security surveyed 2,000 employees across the U.S. whose organizations had been victimized by ransomware in the previous 12 months. Here’s what they found.
Nearly one-third of companies got hit by trains they never saw coming.
Over the past year, ransomware attacks have earned a near-permanent spot on the front page of every newspaper in the country. Yet 29% of respondents to Keeper’s survey had no idea what ransomware was until their organizations were hit by it.
This indicates that many employers are not providing their workers with adequate cybersecurity training. That’s especially concerning because the majority of attacks involved social engineering schemes including phishing emails (42%), malicious websites, (23%) and compromised passwords (21%).
Ransomware recovery isn’t painless. It brings on changes, many of them quite disruptive. Restoring data and systems from backup is only the beginning of ransomware recovery. Organizations need to harden systems to prevent future attacks, as well as make repairs to systems damaged by the ransomware. 83% of respondents reported that their employers had installed new software or made other significant changes.
Any change to an organizational data environment has the potential to degrade productivity, especially if it’s a major change like cloud migration. That’s certainly what our respondents said, with 71% reporting that the changes their employers made were inconvenient or disrupted productivity.
64% of respondents lost login credentials or documents.
43% had to keep logging into programs/accounts (vs. staying logged in continuously).
40% lost time to frequent computer restarts and updates.
These problems left employees in desperate need of IT support. However, 36% of them couldn’t get it, because their IT departments were too busy working on ransomware recovery to deal with non-security-related issues.
About half of organizations pony up the ransom.
Law enforcement and many security experts advise against paying ransoms, as this encourages more attacks. However, ransomware brings business as usual to a screeching halt:
77% of respondents said they were temporarily unable to access systems or networks post-attack.
28% of these outages lasted for a week or longer.
26% of respondents were unable to fully perform their job duties for at least a week.
As a result, 49% of respondents said that their employers paid the ransom. However, that money had to come from somewhere, and 93% also noticed budget cuts in other areas following the ransom payment.
Ransomware stamps a big scarlet “R” on a company’s reputation
Rightly or wrongly, organizations that are victimized by ransomware attacks take a reputational hit, with 64% of respondents saying that they felt their employers’ reputations had suffered post-attack. Perhaps even worse (especially amid today’s labor shortages), 63% of employees said that they’d personally lost trust in their employers.
The stigma is so severe that a surprising number of organizations try to sweep everything under the rug. Over one-quarter (26%) of respondents said that their organizations had told only partners and customers — not the public at large — about the attacks. Another 15% didn’t tell anyone at all.
The majority of ransomware attacks involve compromised passwords, either acquired through phishing schemes or because employees used weak, easily guessed passwords. The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it’s supported.