Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack

Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities: they have a longer impact than anyone thought.
Tracking over 1,100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.
Compared to other sectors, government struggled most to get back on its feet. Healthcare’s downtime costs approached $900,000 per day, but total downtime lasted just over two weeks. Manufacturing’s downtime costs soared to $1.9 million daily, but manufacturers were back on their feet in 12 days.
Why do government institutions hemorrhage time when hit by a ransomware attack? And where should emphasis be placed to stop the bleeding? While these questions may be the subject of future research, one thing remains sure: government agencies would do well to prevent ransomware attacks at all costs.
Downtime ranged up to 534 days…What’s that in dollars?
While some ransomware attacks took government systems offline for only a few hours, the most notable case resulted in downtime lasting up to 534 days, a period of 1.5 years. The costs are enough to make you cringe: researchers estimated that the total price tag for government ransomware attacks – well, the price due to downtime, anyway – would clear $2.2 billion.
And this is to say nothing of the cost of the ransom itself. Attackers were comfortable demanding a cool $2.2 million per government-centered attack (how’s that for a good use of taxpayer money?) and the numbers come out to roughly $2.9 billion in ransom payments. Combine the two figures and you find that public sector agencies have collectively paid out more than $5 billion due to ransomware attacks in the past six years alone.
However, ransomware demands are avoidable; downtime costs are not.
Who paid what to get back online?
As noted by Comparitech, recovery costs often ranged into the double-digit millions for the hardest-hit government entities. One UK council took nearly three months and $14.7 million to recover, and even then, a full 10% of its systems were still not functional. Suffolk County in New York, USA, refused to pay the ransom and took a full five months to get back online; recovery costs exceeded $17 million. In a similar scenario, the city of Baltimore also refused to cave to attacker demands ($75,000 in bitcoin) and instead opted to restore systems itself, although it would take “months” and over $18 million.
The most notable recovery cost? Ireland’s Health Service Executive (HSE) fell to an attack by Conti ransomware and took four months – and $96.5 million – to get back to normal again. In addition, it invested $60 million in upgraded systems better fit to withstand the next attack.
Why do so many government agencies opt to wait – not pay?
When an organization of any type gets hit with a ransomware attack and pays the ransom, a proverbial sign is placed around its neck saying, “I’ll pay again.” Attackers see this and come like sharks to blood in the water. Nearly four in five victims (78%) that pay the ransom get hit again, and 63% get asked to pay more.
Not giving attackers what they want is an excellent strategy, and one it seems many government agencies have adopted. Healthcare, on the other hand, is highly prone to pay the ransom, but it’s hard not to when you have human lives at stake.
So why not government institutions? Perhaps because constituents wouldn’t be likely to vote twice for the person who let their data slip away and then paid money to appease the bad guys. Or because the risk of getting hit twice was too much for elected officials to bear, or maybe because limiting the risk to citizens’ data is the right thing to do. Another reason could be that things move slowly in government (as a general rule) and many systems are outdated on top of that. Backups and recovery plans may not exist, much less be up to date, and many public sector entities lack the funding they need to run a fully staffed SOC the way they want.
Preventing ransomware attacks – and the downtime that comes with it
Because many government organizations may have their minds made up – or their hands tied – when it comes to (not) responding to ransomware demands, the focus should be placed on preventing attacks in the first place. Or at least minimizing the fallout.
Ransomware prevention starts with reducing the attack surface. Start at the beginning with basics like:
Next, move on to methods of recovery and eliminating downtime:
- Fortra Automate data backup and file replication. An easy drag-and-drop interface helps you make regular, automated backups as effortless as an app running in the background. Plus, use Automate’s automated disaster recovery feature to get your systems back up again in a fraction of the time it would take to do it manually.
Fortra has years of experience providing cybersecurity solutions to government agencies and the public sector. To learn more, check out Fortra Data Protection and Compliance for Government today.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.