It's been over a year since the NotPetya ransomware made its way around the world, with a primary focus on Europe. Since that time, the companies who were directly affected (those whose networks were shut down and were unable to do business) have faced costs of well over $1B. That doesn't include the costs they've incurred due to the PR nightmare they faced, or the cost of long-term business lost to the competition. It also doesn't consider the cost to the downstream businesses who were affected through no fault of their own. Shipping giant Maersk claims to have lost somewhere in the vicinity of $300M in lost revenues, remediation costs, and payments to business partners; but what about the trucking companies who lost business while Maersk was shut down? Clearly, $1.2 billion is only a part of the total cost of NotPetya.
Wired recently published a very detailed article looking at the global effects of NotPetya (with a specific focus on Maersk), how the virus spread, and the cybercriminals' links to the Russian government. You can read the article here, but if it falls under the category of TL;DR (too long; didn't read), you can take away a handful of reminders...
Hardware and Networking
- Always patch your systems: both servers and PCs
- Make sure you're using best-in-class security solutions, including firewalls and endpoint protection (including anti-ransomware)
- Back your data up on a regular basis (hourly), and verify that it's easily recoverable in the event of a disaster.
- Keep your operating systems and software up to date; you don't always have to run on the newest versions, but if you're more than two updates behind, it's time to consider an upgrade
- Employees should be reminded not to store important company data on their hard drives; make sure they're storing to network drives so that data can be backed up and recoverable
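The backup reminder above hinges on the word "verify": a backup you have never restored is only a hope. As an added example (not code from the original post or from any product it mentions), the script below records a SHA-256 manifest of a file tree at backup time and then checks a restored copy against it, reporting files that are missing, altered, or unexpected. The sample directory tree and file contents are constructed inside a temporary directory so the script runs offline; point build_manifest and verify_restore at real source and restore locations to use it in practice.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every regular file under root.

    Run this against the source data when the backup is taken and store the
    result alongside the backup (ideally on separate, offline media)."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest taken at backup time.

    Returns a dict with three sorted lists: files missing from the restore,
    files whose contents no longer match, and files present in the restore
    that were not in the manifest. All three empty means the restore is clean."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    corrupted = sorted(
        p for p in manifest if p in restored and restored[p] != manifest[p]
    )
    return {"missing": missing, "corrupted": corrupted, "extra": extra}


def demo():
    """Constructed scenario: back up a small tree, restore it, verify a clean
    restore, then damage the restore and verify again.

    Returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample data standing in for a file server share.
        src = Path(tmp) / "source"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q2.csv").write_text("invoice,amount\n1001,250\n")
        (src / "notes.txt").write_text("constructed sample data\n")
        manifest = build_manifest(src)

        # Take the backup and restore it to a fresh location.
        backup = Path(tmp) / "backup"
        shutil.copytree(src, backup)
        restored = Path(tmp) / "restored"
        shutil.copytree(backup, restored)
        clean = verify_restore(manifest, restored)

        # Simulate a bad restore: one file changed, one file lost.
        (restored / "finance" / "q2.csv").write_text("invoice,amount\n1001,999\n")
        (restored / "notes.txt").unlink()
        tampered = verify_restore(manifest, restored)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore:", clean)
    print("tampered restore:", tampered)
```

Scheduling verify_restore against a test restore after each backup cycle (not just after an incident) is what turns "we have backups" into "we can recover"; keeping the manifest off the network that the backups protect matters, since ransomware that reaches the file share can reach a manifest stored beside it.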
Direct Costs Associated
- The average ransom is in the vicinity of $1,000. Paying the ransom doesn't guarantee recovery of files (and didn't recover files with NotPetya)
- What's the direct cost to your business in terms of downtime, lost revenues, and employee inactivity?
- What's the cost to remediate the issue and rebuild your network?
- Do you have to reimburse your customers for their losses due to your inability to run your business?
- (A good cyberinsurance policy MAY pay for many of the above costs, but only if you have made every effort to secure your network, in advance.)
Indirect Costs Associated
- Cost to your customers' customers
- Bad PR
- Loss of trust/faith from your client base
While the Wired article talks about all of the negatives associated with a ransomware outbreak, there's also a way to benefit from taking the proper measures (aside from not having to pay all of the costs): having a properly secured and backed up network can be a HUGE marketing tool. For a prospect considering your company and your competition down the street, if you are able to lay out every defensive measure you have in place and allay any fears that prospect may have, you have a huge competitive advantage. Make the most of that advantage, and learn from others' mistakes. Secure your network and back your data up (with an easily recoverable solution) on a regular basis.