Ransomware attacks are causing more downtime than ever before

The average number of days it takes for organisations infected with ransomware to restore networks is now up to over 16 days.
Written by Danny Palmer, Senior Writer

Ransomware attacks are becoming more disruptive, with the amount of downtime for organisations that fall victim to network-encrypting malware campaigns on the rise.

According to figures in the newRansomware Marketplace report from cybersecurity company Coveware, the average number of days a ransomware incident lasts is now 16.2 days – up from 12.1 days in the third quarter of 2019.

The increased downtime has been driven by a rise in attacks against large organisations, which often need to spend many weeks remediating and restoring their systems.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

"Enterprises must understand the magnitude of the remediation and restoration process necessary when a ransomware attack happens," Coveware CEO Bill Siegel told ZDNet.

"Reconnecting that backup and restoring a large amount of data can be very time consuming. It is a huge project and frankly has to be practiced beyond theoretical table-top exercises," he added.

Ransomware has already had a big impact in just the first month of 2020: currency exchange provider Travelex was hit with Sodinokibi ransomware on New Year's Eve and, at the time of writing, some of the company's online services remain offline over three weeks on from the attack.

The report also notes that the ransom demands made by criminal operations are on the rise, with the average ransom payment doubling in just the space of a few months; it was $41,198 between July and September last year, and reached $84,116 for the period between October and December.

This is once again because ransomware is proving so effective across whole networks that the cyber criminals can make high demands, which in many cases organisations are taking the decision to pay.

SEE: Suspected Iranian hacking campaign targets European energy companies

However, organisations can go a long way to protecting themselves from falling victim to ransomware and other cyberattacks by following a few simple security procedures, including multi-factor authentication on accounts across the network.

"We still see broad non-adoption of multi-factor authentication, which would have prevented a large proportion of the attacks from having the impact they had," said Siegel.

Organisations should also ensure their systems are regularly updated with relevant security patches in order to ensure that cyber criminals can't take advantage of known vulnerabilities to gain access to networks and distribute ransomware.



Editorial standards