The massive WannaCry outbreak caused an estimated $1 billion in damage costs in just its first four days, according to Stu Sjouwerman, CEO at KnowBe4.
The WannaCry ransom payouts, however, have been minimal. Various media reports peg the payouts at anywhere from five figures to a few hundred thousand dollars. Even if everyone affected coughed up the $300 ransom demand, the total payouts would be roughly $60 million.
For 2017, Cybersecurity Ventures predicts global ransomware damage costs will exceed $5 billion, up from $325 million in 2015.
The costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.
While the percentage of ransom victims who pay Bitcoin to hackers in hopes of reclaiming their data appears to be on the decline, the total damage costs in connection to ransomware attacks is skyrocketing. Ransom payouts are the least of all damage cost contributors.
Cybersecurity experts have been urging ransomware victims not to pay ransoms.
"Paying the ransom is never recommended mainly because it does not guarantee a solution to the problem," according to the No More Ransom Project. The project is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, and two cybersecurity companies—Kaspersky Lab and Intel Security—with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
No More Ransom Project adds, "If the ransom is paid, it proves to the cyber criminals that ransomware is effective. As a result, cyber criminals will continue their activity and look for new ways to exploit systems that result in more infections and more money on their accounts."
While organizations are heeding the advice, the primary damage costs remain.
6 strategies to protect against ransomware
An ounce of ransomware prevention can be worth its weight in gold—and the No More Ransom Project offers six points to follow:
1. Back up! Have a recovery system in place so a ransomware infection can’t destroy your personal data forever.
2. Use robust antivirus software to protect your system from ransomware.
3. Keep all the software on your computer up to date. When your operating system or applications release a new version, install it.
4. Trust no one. Any account can be compromised, and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know.
5. Enable the "Show file extensions" option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions such as .exe, .vbs and .scr.
6. If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi). This will prevent the infection from spreading.
There's one point that the No More Ransom Project left off. And while it is listed last here, it is certainly not the least. In fact, it may be the most important of all:
7. Train employees. Trend Micro states that more than 90 percent of successful hacks and data breaches stem from phishing, emails crafted to lure their recipients to click a link, open a document or forward information to someone they shouldn’t. Training users how to detect and react to these threats are a critical ransomware deterrent.
“Training employees on security will immediately bolster the cyber defenses at most companies,” said Lawrence Pingree, a research director at Gartner, because most data breaches are based on “exploiting common user knowledge gaps to social engineer them to install malware or give away their credentials.”
Training employees how to recognize and defend against cyber attacks is the most under spent sector of the cybersecurity industry. Spending on security awareness training aimed at thwarting cybercrime, including ransomware, is expected to climb into the billions over the next several years.
Related video: Ransomware marketplaces and the future of malware