The Escalating Cost of Ransomware - Hubert Yoshida
The average cost of a ransomware incident as reported by Purplesec.us used to be:
2018 – $4,300
2019 – $5,900
2020 – $8,100
This was mostly targeting small businesses.
In 2021 this took a dramatic turn.
On May 7, 2021, a cyberattack on the U.S.’s largest fuel pipeline, Colonial Pipeline, forced a
shutdown that triggered a spike in gas prices and shortages in parts of the Southeast. The operator
of the Colonial Pipeline learned it was in trouble at daybreak on May 7, when an employee found a
ransom note from hackers on a control-room computer. By that night, the company’s chief executive
officer came to a difficult conclusion: He had to pay. He authorized the ransom payment of $4.4
million because executives were unsure how badly the cyberattack had breached its systems, and
consequently, how long it would take to bring the pipeline back.
On Sunday, May 30, technology staff members at JBS, the largest meat processing company in the
world, noticed irregularities with the functioning of some servers. Soon they found a message
demanding a ransom to reclaim access to the company’s system. JBS USA Holdings Inc. paid an $11
million ransom to cybercriminals who temporarily knocked out plants that process about one-fifth of
the U.S. meat supply. The ransom payment, in bitcoin, was made to shield JBS meat plants from
further disruption and to limit the potential impact on restaurants, grocery stores, and farmers that
rely on JBS. Although JBS maintains secondary backups of all its data, which are encrypted, and was
able to bring back operations using these backups, JBS’s technology experts cautioned the company
that there was no guarantee that the hackers wouldn’t find another way to strike, and JBS’s
consultants continued negotiating with the attackers.
On Friday this past weekend, July 2, we suffered the largest Ransomware attack so far. Thousands of
companies across all five continents were affected. Initially companies were charged $50,000 to $5
million in exchange for a special key that would allow them to decrypt their data and resume normal
operations. Later the group responsible was willing to negotiate for $70 million to restore all the
data rather than the drawn-out process of negotiating with each account. The group responsible is
suspected by Cybersecurity experts to be the Russia-based hacking group REvil—the same gang that
shut down JBS in June and successfully extorted $11 million in ransom.
The reason this hack was so widespread is that they attacked the supply chain for several Managed
Service Providers that were supporting many small businesses. It all started with a Miami, Florida-based
IT services company called Kaseya, which provides security software for many large-scale
cybersecurity contractors, which in turn sell their security services to thousands of businesses
worldwide. After hackers breached Kaseya’s servers on Friday (July 2), they were able to quickly leap
into at least 40 cybersecurity contractors’ systems. Since the contractors trusted their supply chain
supplier, Kaseya, they installed the updates from Kaseya that contained the hack. Their customers
then installed the hack into their systems and were infected. The timing, which was before a three-day
4th of July holiday in the US, meant that many of the end users did not know they were hacked
until they tried to start their businesses on Tuesday. It also took advantage of the practice in many
IT departments of installing system updates on long weekends to minimize the disruption to their users.
Most of the affected companies were in the US, but the cyberattack spread to other countries such
as New Zealand and the UK. Swedish grocery chain Coop was forced to close 800 supermarkets
when the hack knocked out its cash registers on Saturday, July 3. The Coop was able to reopen many
of its stores by asking customers to use a “scan & pay” app on their smartphones to pay for their
groceries.
Now that the gang has negotiated for a $70 million ransom, no word has been received as to
whether that ransom will be paid. Law enforcement agencies and cybersecurity experts warn that
the multi-million-dollar ransom payments have encouraged the hacking gangs’ growth and
incentivized more criminals to enter the field seeking big scores. In just a few months we have seen
ransoms jump from $4.4 million to $11 million, and now to $70 million. While the larger ransoms are
demanded from large companies in critical infrastructure, a supply chain hack like the one that
hit Kaseya could cost hundreds of millions if it is spread across thousands of smaller companies.
Even though some companies can recover using backups, the recovery costs could vastly exceed the
cost of the ransom. And in the case of JBS, even when they recovered, they still paid the ransom just
in case. Although some insurance companies provide ransom protection, I don’t know how they can
update the actuarial tables to keep up with the escalating ransom costs.
Ransomware has become a national threat that ranks up there with the COVID crisis. Cyber security
has to be our number one priority.