In 2021, the average ransomware payment was $541,010, up from 2020’s $312,493 average. Insurance premiums for cyber coverage increased, too, up 92% in 2021 compared to 2020. If you’re thinking that your business leaders could stomach that expense to win back control of data, just note: the actual payment is just the start


Where the Money Goes After a Ransomware Attack

The price of ransomware almost always amounts to more than the cost of the ransom. There are the extra people-hours that must be devoted to reassuring customers. There are shareholder lawsuits the business must defend. There are outsourced IT and cybersecurity that may need to be deployed. Downtime could cost millions of dollars per minute in lost revenue alone. And, in regulated environments, that’s just the start of the additional pain to come. 

 Organizations hit by ransomware attacks may also have to pay for:

  • Shareholder lawsuits
  • Regulatory compliance lawsuits and fines
  • Increased insurance premiums (or possible cancellation)
  • Loss of intellectual property
  • External media relations

Find out what might happen when you do or don’t pay a ransom >> 

Now you’re looking at more like $1.85 million. That’s the average bill for rectifying a ransomware attack, including downtime, network cost, and lost opportunities, according to Sophos.

New York’s Erie County Medical Center was hit by a massive ransomware attack in 2017, according to the Buffalo News. Hospital officials said the costs of getting the hospital’s computer systems back up and running were about $10 million. (The attackers requested a ransom of $30,000, which the hospital did not pay.) Here’s where the $10 million went, as the Buffalo News reported:

  • New hardware and software 
  • Third-party cybersecurity consultants
  • Staff overtime pay
  • Lost revenues during system downtime
  • Ongoing costs of $250,000 to $400,000 a month for upgraded technology and employee education to reduce the risk and impact of future attacks

The list goes on. So what can you do to deflect attacks and minimize unexpected costs associated with recovering from a ransomware attack? Read on.

How to Minimize Costs from a Ransomware Attack

The most important strategy for avoiding the giant bill for ransomware recovery is to avoid getting attacked in the first place. It’s better to prepare for the worst and assume it may happen. You need an advanced recovery strategy that helps you get back to business promptly and cost-effectively, without teams of consultants and a complete hardware and software overhaul.

  1. Back up your data and frequently test your backups. If you’ve made an external backup of your files, you should still have access to your data if cybercriminals try to steal and hold it hostage. But what about the speed of your recovery? Regularly testing your backups—which too many organizations don’t do—can help ensure backups are actually recoverable and how quickly they can be restored. Learn about staged recovery environments and how they can help.
  2. Adopt tiered security architectures. Talk with your CISO about the value of tiered security architectures and “data bunkers,” which can help retain large amounts of data and make it available immediately. Tiered backup architectures use different logical and geographic locations to meet a wide range of backup and recovery needs, thereby improving the accessibility and speed of data recovery. 
  3. Create immutable data snapshots. Ransomware attackers are more often going after your backups to really put you in a bind. Pure’s multifactor-authenticated, immutable SafeMode™ snapshots can’t be edited or deleted even if admin credentials are compromised—effectively giving ransomware attackers no backups to ransom. 
  4. Confirm what your cyber insurance covers—and what it doesn’t. Make sure you know and understand the limitations and coverages provided by your policy, what you have to do to use your coverage, and how long it will take for your insurer to engage.
  5. Double down on compliance and data retention and deletion policies. I mentioned how costly compliance and regulatory fines can be when data you’re hanging on to is compromised during an attack. Data retention and deletion policies can help you make a plan for what data is worth retaining, what should be deleted or anonymized, and how you can minimize what you have on hand. Brush up on data retention and deletion policies.
  6. Partner with a storage provider that gets you back online with clean arrays guaranteed. You can significantly decrease downtime and average cost per hour of downtime by finding a partner who can guarantee clean arrays to get you back online as fast as possible. Pure’s new ransomware recovery SLA in Evergreen//One, does just that, guaranteeing clean arrays, recovery plan, data transfer, and onsite staff. 

Related reading: Ransomware Protection for FlashRecover

Gather Your Team and Prep for the Before, During, and After

The best way to be prepared for an attack? Create an emergency response team and arm them with the latest in modern data protection technology so they can be ready: