What does a ransomware attack cost? Look out the unknown expenditures

May 31, 2018


The ransom is just a small part of the total expenditure of a ransomware attack. Think about these related expenses when approximating the total harm.


Forecasting the total cost of a ransomware attack can be complicated for safety managers taking into consideration the several elements that can come into play when replying to and recovering from one. Information from several earlier occurrences indicates the expenses go well beyond any demanded ransom sum and the expenses related to cleaning affected systems.

Take into consideration the following instances. The Erie County Medical Center (ECMC) in Buffalo, NY, last July approximated it spent $10 million reacting to an attack concerning a $30,000 ransom demand. Roughly half the amount went toward IT facilities, software, and other recovery-connected expenses. The other half stemmed from workforce overtime, expenses linked to lost incomes, and other indirect expenses. ECMC officers projected the medical center would require to expend hundreds of thousands of dollars more on updating technology and worker consciousness teaching.

Public documents demonstrate that the City of Atlanta expended nearly $5 million simply in acquiring emergency IT facilities after a March 2018 ransomware attack that disabled crucial city facilities for days. The expenses included those related to third-party occurrence reaction facilities, disaster communication, increasing support staff and subject matter specialist consulting facilities.

In Colorado, Gov. John Hickenlooper had to save $2 million from the state catastrophe crisis fund when ransomware infected some 2,000 Windows systems at CDOT, the state division of transportation, this February. In less than eight weeks, CDOT officers expended more than half that amount simply returning systems to usual from the attack.

Not astonishingly, industry approximations linking to ransomware harms have risen lately. Cybersecurity Ventures, which set ransomware expenses at $325 million in 2015, last year projected harms at $5 billion in 2017 and expected it would surpass $11.5 billion in 2019.

For safety managers attempting to prepare a total ransomware cost estimation, the key is not to get obsessed on the ransom sum itself. Even if you end up paying it to regain your data—something that most safety experts advocate against—the actual expenses of the attack in most instances will end up being more.