The True Cost of Ransomware: how much does a ransomware attack really cost your business?
Fedex and TNT: NotPetya
Fedex suffered via its subsidiary TNT in the NotPetya Ukraine attack in June. NotPetya was the attack that simulated ransomware but actually scrambled all the computer files irrecoverably. That attacked was aimed at bringing down Ukraine businesses. However a lot of multinationals were caught up, like Fedex, via their subsidiaries as the subsidiaries are linked to the larger corporate network.
Fedex just released how much it cost them in lost business and cleanup: a staggering $300 million US.
Fedex lost some of that business as they continued to take in packages even though the attack left them processing everything manually by paper. Can’t you just hear echoes of the screams of their customers? Fedex knew they couldn’t process their clients’ packages but took the business anyway.
The True Cost of Ransomware
What happens when your business is attacked by ransomware? All your computer documents, spreadsheets, PDFs, pictures are encrypted. You have no access to your business data stored on your network. If you get something like Petya, or NotPetya, your computer network is gummed up while the malware tries to infect every device on the network. For most businesses, this means you can’t work and can’t bill and you’re paying employees to sit around and tear their hair out.
Then you add your IT costs. You need to pay an IT professional to disinfect your network and restore your files.
And you’re going to lose some business in the process, those customers who can’t wait for your systems to come back.
How do you prevent ransomware?
Recently a newer client called me because her antivirus vendor was trying to upsell her on some ransomware prevention. What did I say? Don’t do it. Here’s how to prevent ransomware:
- Patch monthly. Patch every device that connects to your network monthly.
- Have a good backup. Check your backups regularly.
- Train your employees on the latest hacking scams like phishing and fake software
- Have your computer network setup by an IT professional (not your nephew).
- Prepare a disaster recovery plan.
Fedex could have saved themselves $300 million if they had patched their systems monthly. Microsoft released the patch for that vulnerability back in March. Fedex could also have limited the damage if their networks had been set up properly to detect and stop the malware spreading. And if Fedex had been honest with their customers and not accepted packages while they get their systems restored, they would not have pissed off their customers.
An ounce of patching is cheaper than a pound of hacking.