recover from ransomware in HOURS, NOT DAYS or WEEKS.

Halcyon Ransomware Malicious Quartile Q3 2023

Explore the latest reports by the experts at Halcyon

January 26, 2024
Halcyon Research Team
Download PDF

Executive Summary

If the cost of recovering from a ransomware attack does not kill a business, the legal and regulatory fallout certainly could. The annual impact from ransomware attacks in the US alone is estimated to be more than $20 billion. On average, ransomware attacks cost more than $4M to fully remediate, but these estimates do not include potential losses from lawsuits and other tangential costs like damage to the brand, lost revenue, lost production from downed systems, and other collateral damage such as intellectual property and regulated data loss.

The financial losses stemming from a ransomware attack can go far beyond incident response and recovery actions. Consider the case of KNP Logistics, the UK’s largest logistics provider, which declared itself insolvent in September of 2023 following a major ransomware attack that impacted operations and resulted in excessive losses. Ransomware attacks create liability issues and intellectual property loss for organizations as attackers focus on the exfiltration of sensitive data prior to delivering the ransomware payload, or in some cases opting not to deliver a payload and engage in direct data extortion. We are seeing more class action lawsuits being filed against victim organizations who suffered data loss in the course of a ransomware attack, and the liability issue is reaching all the way up to company officers and Boards of Directors.

RaaS operators and other data extortion attackers also continue to develop custom tooling and implement novel evasion techniques designed to evade or completely circumvent traditional endpoint protection solutions. Recent reporting indicates ransomware operators have reduced the time to infection after initial compromise from an average of 4.5 days to just a matter of hours. This is because attackers are increasingly taking advantage of unpatched vulnerabilities and misconfigurations by automating aspects of their attack progressions. Automation means ransomware operators can simply hit more victims faster.

Other Reports

Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.