Ransomware: How much an attack on your company really costs

Ransomware is like an iceberg – the real price of falling victim to an intrusion extends far beyond merely fulfilling the attackers’ monetary demands. Check Point Company’s cybersecurity study reveals that the overall financial impact is typically sevenfold greater than the ransom fee alone. This comprehensive expense is an aggregate of various factors:

  • The ransom payout 
  • The cost of downtime
  • Fines resulting from non-compliance with GDPR
  • Reputational damage
  • Collateral damage

The ransomware payment 

A main concern with ransomware is the ransom itself. Even though paying might seem the right choice, many don’t retrieve their full data. Oftentimes, attackers don’t hand over the decryption key, or it’s faulty. And while over half of ransomware victims pay the ransom, only a quarter retrieve all their data. The average ransom payment is $812,360 per organization. According to a study by the Federal Reserve Bank of Atlanta, ransom payments increased 144 percent year over year in 2021. 

The cost of downtime

Downtime is, however, the most significant cost. A ransomware attack prevents access to files and systems, disrupting operations and leading to a massive loss of revenue. This can be especially detrimental for businesses that depend on real-time data or are in time-sensitive sectors. The Ponemon Institute estimates that the average cost of downtime during a ransomware attack is $9,000 per minute, amounting to roughly $500,000 per hour.

Fines resulting from non-compliance with GDPR

The financial fallout from a breach that leads to data compromise can often be traced to potential sanctions for not aligning with best practices dictated by the General Data Protection Regulation (GDPR). For especially severe violations, listed in Art. 83(5) GDPR, the fine framework can be up to 20 million euros, or in the case of an undertaking, up to 4 % of their total global turnover of the preceding fiscal year, whichever is higher. Such a scenario places a hefty economic weight on organizations, more so for those responsible for vast reserves of critical information.

Reputational damage

The risk of having one’s reputation damaged is likewise very high. In fact, a ransomware attack can erode shareholder confidence and have long-term effects on the company’s reputation and earnings. A survey by IBM and Forbes Insights found that 46% of businesses that experienced a cybersecurity breach saw a sharp decline in the value of their brand and reputation. In fact, customers often remember businesses that can’t keep their information secure. One in four Americans say they avoid doing business with organizations that have had a data breach.

Collateral damage

The cost of damages is even higher when the impact on national security is taken into account. This was the case with the attack on Colonial Pipeline, one of the major oil pipelines in the United States, which on May 7, 2021, after an attack by the criminal group DarkSide, experienced a sudden disruption, leaving petrol stations dry and causing air traffic disruptions in the southwest of the United States.

Weighing the iceberg: what ransomware really costs your business

So what is the true cost of a ransomware attack for your business? According to a report by Astra, the average ransomware cost is $4.54 million, slightly higher than the overall average total cost of a data breach, which is $4.35 million. Statistics reveal that a ransomware attack will occur every 2 seconds by 2031. The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide.

Ransomware prevention: best practices 

The growing danger of ransomware attacks can’t be overlooked. A shocking analysis by Gartner predicts that by 2025 ransomware attacks will increase by 700% and 75% of organizations will face one or more attacks. Taking preemptive steps, like constantly backing up data and using robust security solutions, can result in substantial cost savings over time. 

For a comprehensive backup and restoration approach, organizations need to craft a holistic disaster recovery plan considering factors like data type, volume, backup frequency, and storage location. To ensure data continuity, it’s pivotal to replicate data periodically, such as daily or weekly. This ensures that during a ransomware predicament, information can be sourced from the newest backup, with minimal data discrepancies. 

Where these replicas reside is of utmost importance. Most security agencies, including the Cybersecurity and Infrastructure Security Agency of the United States (CISA), advocate for the 3-2-1 backup rule, a globally accepted gold standard for data preservation and retrieval. According to this rule, one must create three copies of the data, store them on two different types of media, and keep one copy off-site. This approach ensures data protection from a wide range of threats, including ransomware attacks, hardware failures, and natural disasters. By following the 3-2-1 backup rule, organizations can minimize the risk of data loss and guarantee quick recovery of critical data in case of a ransomware attack.

Ensuring that data duplication and restoration methods are watertight is integral to any effective disaster recovery plan. Scheduled evaluations can spotlight potential flaws in the duplication process and ensure that backups work properly. In the event of a ransomware attack, the ability to restore data quickly and efficiently is vital to minimize downtime and reduce the potential financial impact. It’s important to note that not all backup and recovery solutions are equally effective: the choice of the right storage architecture can have a significant impact on recovery times and data reliability. 

Object storage

Object storage has become a sought-after method for backup and restoration because of its distinct design enabling quicker and more stable data retrieval. It operates by breaking down data and metadata into objects, giving each a unique ID and facilitating easy access and restoration of particular datasets without sifting through a full document. This architecture also enables effortless replication and distribution of data across multiple locations, safeguarding them against numerous potential threats.  

Object storage’s scalability, reliability, and affordability make it a better choice for backup use cases than file storage and block storage. In fact, object storage is an indefinitely scalable option that enables businesses to store massive volumes of data without having to constantly redefine their capabilities and constraints. What’s more, it has built-in redundancy features that increase its resistance to hardware breakdowns and potential power or bandwidth outages. Last but not least, object storage has proven to be more cost-effective than conventional storage techniques. Users may pay only for the space they actually use, rather than having to pay for extra space to accommodate system upgrades or future data migrations.

Unlocking the power of object storage: S3, Object Lock, and Versioning

Object storage uses the S3 protocol, introduced by Amazon in 2006, as its standard for communication. Over time, new features, namely Versioning and Object Lock, have been incorporated into this protocol. These features play a pivotal role in shielding data from ransomware.

Versioning works like a time capsule, allowing the user to store not only the latest version of the file but also all previous versions. This way, if ransomware makes a file inaccessible, the user can always access another version, without paying the ransom. Object Lock, on the other hand, allows the user to “lock” a file for a specified amount of time. During this time, no one (neither ransomware nor the user themselves) will be able to modify, encrypt, or delete the file.
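To make the recovery path concrete, here is an added example (not code from this article or from Cubbit) that takes a version listing shaped like an S3 ListObjectVersions response and works out which earlier version of each affected object to restore. The function name `plan_restore`, the object keys, version IDs and incident time are all constructed for illustration.

```python
from datetime import datetime, timezone

def plan_restore(listing, incident_start):
    """Map each key changed during the incident to its last clean VersionId."""
    events = {}  # key -> [(LastModified, VersionId, is_delete_marker)]
    for v in listing.get("Versions", []):
        events.setdefault(v["Key"], []).append((v["LastModified"], v["VersionId"], False))
    for m in listing.get("DeleteMarkers", []):
        events.setdefault(m["Key"], []).append((m["LastModified"], m["VersionId"], True))

    plan = {}
    for key, evs in events.items():
        evs.sort(key=lambda e: e[0])
        if evs[-1][0] < incident_start:
            continue  # untouched since before the incident: nothing to do
        clean = [e for e in evs if e[0] < incident_start]
        if not clean:
            continue  # first written during the incident (e.g. a ransom note)
        _, version_id, is_delete = clean[-1]
        if not is_delete:  # a pre-incident delete marker means it was already gone
            plan[key] = version_id
    return plan

def _t(day, hour=0, minute=0):
    return datetime(2024, 3, day, hour, minute, tzinfo=timezone.utc)

# Constructed sample shaped like an S3 ListObjectVersions response.
SAMPLE = {
    "Versions": [
        {"Key": "reports/q1.xlsx", "VersionId": "q1-v1", "LastModified": _t(1)},
        {"Key": "reports/q1.xlsx", "VersionId": "q1-v2", "LastModified": _t(10)},
        {"Key": "reports/q1.xlsx", "VersionId": "q1-v3", "LastModified": _t(15, 2, 14)},  # encrypted overwrite
        {"Key": "db/dump.sql", "VersionId": "dump-v1", "LastModified": _t(12)},
        {"Key": "docs/policy.pdf", "VersionId": "pol-v1", "LastModified": _t(2)},
        {"Key": "tmp/old.log", "VersionId": "log-v1", "LastModified": _t(3)},
        {"Key": "README_DECRYPT.txt", "VersionId": "note-v1", "LastModified": _t(15, 2, 16)},
    ],
    "DeleteMarkers": [
        {"Key": "db/dump.sql", "VersionId": "dump-dm", "LastModified": _t(15, 2, 15)},  # deleted in the attack
        {"Key": "tmp/old.log", "VersionId": "log-dm", "LastModified": _t(5)},  # routine cleanup
    ],
}
INCIDENT_START = _t(15, 2, 0)  # assumed, taken from the incident timeline

if __name__ == "__main__":
    for key, vid in sorted(plan_restore(SAMPLE, INCIDENT_START).items()):
        print(f"restore {key} from version {vid}")
```

Restoring then means copying each listed version back over its key. Object Lock matters here because it keeps those older versions from being deleted before the restore happens.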

Introducing Cubbit, the geo-distributed cloud object storage platform

Established in 2016, Cubbit is Europe’s first geo-distributed cloud object storage. Moving beyond traditional models tethered to vulnerable data centers, Cubbit goes for a novel approach: it encrypts, splits, replicates, and distributes the users’ data over an expansive peer-to-peer network, nullifying ransomware threats as well as localized disasters.

Each node of the network contains only fragments of encrypted data: even if a hacker were to gain physical access to a node, they would only find indecipherable gibberish. Moreover, Cubbit DS3 is S3-compatible and supports Versioning and Object Lock. In combination with geo-distribution, these two features guarantee absolute protection from exfiltration, ransomware, and localized disasters.

Unlike traditional cloud storage, geo-distribution also ensures meaningful savings for the customer. Indeed, Cubbit costs just a fraction of hyperscalers. While for other cloud storage providers bucket replication is an expensive add-on, with Cubbit it’s by design. In addition, Cubbit has no egress fees and lets the user recycle their on-prem infrastructures, unlocking frictionless scalability and even further savings. 

Scalability is indeed one of Cubbit’s key strengths. Being S3-compatible, Cubbit seamlessly integrates with the customer’s setup, offering the flexibility to use a wide array of S3-compatible applications such as Veeam, Nakivo, Cyberduck, Cloudberry, Synology, QNAP, and Commvault, among many others. One just needs to change an endpoint to use Cubbit.

Want to know more about Cubbit? Visit the website and start a free trial right away.
