Ransomware: Could cost your business millions
The fraudsters who wield ransomware as a weapon have Caribbean firms in their sights. Ransomware attacks against established Caribbean-based organisations are happening, and the impact is acute. A previous Hitachi Security blog mentions a PricewaterhouseCoopers (PwC) report warning that Caribbean firms were “not paying enough attention to cybersecurity risks”. Businesses based in the Caribbean must take action to avoid the ransomware impacts already experienced in other areas of the world: impacts that affect finances, reputation, motivation, and regulatory posture, and that can be make-or-break for businesses already under pressure from the challenges of the novel coronavirus pandemic.
Ransomware is one of the most feared of all malware-based attacks, and rightly so. The malicious software will encrypt files and documents on the infected device and across the entire network and cloud repositories. Even backups, if not properly isolated, have been known to be infected, with records lost as a result. Ransomware is such a ubiquitous problem that a report predicted that ransomware would impact businesses every 11 seconds.
When ransomware hits a company, the impact is all-encompassing. The four critical areas of this impact include:
Operational impact
When a ransomware attack happens, systems go down. As soon as the ransom note appears on an infected desktop, the first action is to attempt to isolate the infection by disconnecting devices and servers across the network. The result is downtime, with employees unable to access documents and files and therefore unable to work. In the 2017 WannaCry global ransomware attack, many health-care institutions were affected, resulting in hospitals being closed to new patients, cancelled operations, and doctors unable to prescribe medicines. Other organisations affected by ransomware end up shutting their doors for good. This was the case in 2019 for The Heritage Company of Arkansas, USA. The company was a victim of ransomware that affected its accounting systems and mail centre to the extent that the firm could not process or receive funds and was unable to send out statements. As a result, the company was forced to lay off 300 employees.
The average impact time due to ransomware is 16.2 days, according to a report from Coveware. That is over two weeks of dealing with the aftermath of a ransomware attack, including system downtime, clean-up of devices, recovery of files, etc.
The financial burden of ransomware
This year, the Caribbean Council released a statement that points to a Center for Strategic Studies and McAfee study on Latin America and the Caribbean (LAC). This study reveals how the region is now a “new frontier for cyberattacks and crime at an estimated cost of around US$90 billion per year.” The obvious financial impact of a ransomware attack is the extortion itself. However, the ransom is only part of the financial burden of ransomware. A ransomware attack costs around $730,000, including business downtime, lost orders, and operational costs, with an average cost of $1.4 million where the ransom is paid.
Personal privacy and security
Data privacy is fundamental across many global jurisdictions and enshrined in many data protection laws. A ransomware attack on any business puts data privacy at risk. The cybercriminals behind the attack may not just encrypt data; they may also expose it. The REvil group behind the ransomware attack on conglomerates in the Caribbean and around the world is notorious for auctioning stolen data. Ransomware fraudsters are criminals and know the vulnerabilities of their targets. If they can, they will make further gains from an attack, above and beyond a ransom payment. Once the data is sold, the privacy of the individuals is lost, and security is at risk.
Customer confidence
A ransomware attack threatens customer confidence. Researchers found that more than two-thirds of customers would go to a competitor if an organisation does not restore systems within three days after a cyberattack.
Fighting back against ransomware
The preceding scenarios may seem overwhelming, but more and more firms can fight back using suitable cybersecurity measures. The structures that mitigate a ransomware attack overlap with those that protect against other malware infections. These include ensuring your business has ransomware-resistant backups, robust authentication, email and URL scanning and filtering, and prompt patching of software and systems.
Cybercrime does not recognise country borders or jurisdictions. Cybercriminals follow the money. The World Bank describes the Caribbean as having “significant economic potential and growth opportunities” despite the impact of COVID-19 on tourism. The region has already seen the impact on a major organisation. Now is the time to batten down the cybersecurity hatches and ensure that ransomware is a crime that does not pay.
— Stephen Juteram, Hitachi Systems Security