Wednesday, 23 December 2020 09:30

You’ve heard of Software as a Service – now get ready for Ransomware as a Service

By John Donovan, Managing Director, ANZ at Sophos

Guest Opinion: The ransomware business is booming. In fact, a recent study by Sophos showed that the average global cost of addressing the impact of a ransomware attack, including business downtime, lost orders, operational costs, and more, was US$730,000. This average cost rose to US$1.4 million, almost twice as much, when organisations paid the ransom.

And now ransomware attacks have gone from using highly customised software to the malevolent equivalent of software as a service – ransomware as a service (RaaS).

These attacks are high volume, low ransom events where the software developers sell their malicious packages (or take a cut of the ransom) to less sophisticated cybercriminals. Those cybercrooks then take a shotgun approach, attacking anything and anyone they can in the hope that a percentage will stick and be forced to pay a fee to have their precious data decrypted. That’s where they make their money.

The state of the ransomware economy

Sophos’ recent report, The State of Ransomware 2020, surveyed 5000 respondents from 26 countries, including 200 people from Australia.

The report found that almost half of Australian companies (48 per cent) were hit by a ransomware attack in the last 12 months, but of those, only 17 per cent of attacks were stopped before the data was encrypted.

In almost three-quarters of ransomware attacks, cybercriminals succeeded in encrypting the data, and in just under a quarter of cases, the attack was stopped before the data was encrypted. This indicates that anti-ransomware technology is having an effect and stopping the bad guys’ attacks before they can cause havoc.

In Australia, 12 per cent of firms hit by a ransomware attack paid up to get back access to their data.

Ransomware – the costs of paying up

While 73 per cent of attacks succeeded in encrypting data, the good news is that 94 per cent of companies suffering an infection managed to get their data back. Globally, 26 per cent got their data back by paying a ransom (that figure is only 12 per cent locally), while just over half recovered their operations via backups. Somewhat mysteriously, 12 per cent globally retrieved their data through other means.

One of the most fascinating aspects of ransomware attacks is that paying up actually doubles the cost! Our research found the average cost globally to remediate a company’s infrastructure after a ransomware attack comes in at US$1,448,458 if the ransom is paid. That figure drops to US$732,520 if the attacked company chooses not to pay up.

This sounds a little counterintuitive. After all, if you’ve paid a ransom, you expect to have your data decrypted and everything will be fine, right?

It doesn’t quite work that way.

Even if an organisation pays up, they’re still going to have to do a lot of work to restore the data. So, what they’re dealing with is the cost of being held hostage, as well as the money required to get everything back to a state of normality.

The fact is that the costs required to recover data and get things up and running again are likely to be the same whether they get data from backups or from the crooks involved. Pay the ransom, and organisations will have another big cost on top.

Dealing with ransomware

The good thing about ransomware as a service is that the scattergun approach means there are lots of copies of the software floating around. This means that, unlike with bespoke ransomware, the tools needed to defend against an attack are easily and quickly updated, so if an organisation has anti-ransomware software on its network, it will generally be protected.

The key here is to have the crucial elements in place. First, start with the assumption that the organisation will be hit and plan a cybersecurity strategy accordingly. Preparation is the best defence. Organisations should also invest in anti-ransomware technology – according to our survey, 24 per cent of companies attacked were able to stop the attack before it could have an effect, using the right technology they had in place.

It’s also wise to protect your data wherever it’s held. Ransomware doesn’t discriminate, and attackers can hold data that’s in the public cloud as easily as they can data that’s on-premises. Organisations should have regular backups in place and store data offsite and offline, so that if they are hit, they can recover as quickly as possible and get back to business as usual.

The ransomware landscape is changing. RaaS is the new normal, but with the right defences and a cybersecurity plan in place, companies can keep their business intact – and avoid the costs and disruption of a ransomware attack.
