The probability that an organization will experience a ransomware attack is rapidly increasing. In the first half of 2021, the FBI's Internet Crime Complaint Center experienced a 62 percent year-over-year surge in reports, with nearly 2100 complaints. According to one survey, more than a third of organizations worldwide suffered an attack in 2021, with ransomware attacks occurring roughly every 11 seconds.
Given the potential damage to corporate systems and workflows should a ransomware attack shut down access to data or applications, it is not surprising that many companies elect to pay ransoms. Typical ransom demands range from hundreds of dollars to well into the millions. The average ransom paid is approaching $250,000.
Recent, high-profile ransomware attacks have affected critical infrastructure and the supply chain, already strained due to the COVID pandemic. One of the most well-known attacks targeted the Colonial Pipeline, which was responsible for transporting more than 100 million gallons of fuel daily. The results were a spike in fuel prices affecting consumers across the U.S.
Colonial paid a ransom of over $5 million ($2.3 million of which they later recovered), but the effects of the attack went further. According to company sources, remediation efforts extended into the tens of millions of dollars. Other attacks, including the CNA Financial and Kaseya attacks in 2021, had similarly catastrophic consequences.
Despite the growing ransomware threat, many organizations are unprepared to identify or deal with an attack; nearly half of all organizations lack effective incident response plans. Ransomware protection is essential to secure more than just enterprise networks and data. Effective ransomware protection also limits post-attack costs and reputational effects.