Ransomware Recovery Presents Myriad Expensive Challenges

December 09, 2021


Cybercrime numbers have reached record heights in 2021 and ransomware is at the forefront of this year’s most devastating cyberattacks. The scope and variety of incidents seen in the news shows that every business in every sector is at risk of a ransomware attack. No business is too small – 50% of ransomware attacks last year hit SMBs, and 55% hit businesses with fewer than 100 employees – and no industry is safe. Businesses that are in industries that are under fire and companies that handle or hold a large amount of profitable data are extremely desirable targets for cybercriminals, but in a pinch, any business will do. A new study from Unitrends MSP, the 2021 State of Ransomware Survey Report, sheds light on one major facet of a ransomware disaster for companies: The consequences of a successful attack.  


Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

Unitrends MSP surveyed more than 200 IT professionals from MSP organizations worldwide to analyze their experiences with ransomware in 2021 and how ransomware has impacted their clients. The researchers also broke down exactly which operating systems and SaaS applications the bad guys preferred when choosing their targets for ransomware operations as well as taking a look at MSP and customer attitudes toward ransomware readiness. In addition, researchers explored MSP and MSSP relationships, why security measures may fail and securing backup and recovery assets.  

This study shows the scale of ransomware in the world of cybercrime. Ransomware has been the belle of the ball for security in 2021, and it doesn’t look like it will be giving that crown up in 2022. 

In the Last 24 Months, Ransomware Has… 

Become a significant risk 89% 

Stayed the same 5% 

Diminished 2% 

Not Sure 5% 


See how ransomware rocks businesses in The Ransomware Road to Ruin. DOWNLOAD IT NOW>>


Businesses Are Woefully Underprepared for Ransomware or the Consequences of an Attack


A surprising fact that was determined in this survey is that only about half of the businesses that these MSPs serve are ready for a ransomware attack. After the blaring headlines and huge hits for ransomware in 2021, you’d think that business IT leaders would be taking the risk seriously, but you’d be wrong. An IBM survey showed that more than 65% of senior-level decision-makers said they didn’t believe the businesses for which they’re responsible would ever fall victim to a cyberattack. The results of this Unitrends survey reflected similar thinking from SMBs. The majority of surveyed MSPs reported that their clients are only somewhat prepared or not prepared at all to face a ransomware attack.   

Levels of Client Preparedness for a Ransomware Attack 

Somewhat Prepared 50%  

Mostly Prepared 37%  

Extremely Prepared 7%  

Not Prepared 7% 

A lack of preparedness to defend against a ransomware attack is a security risk that can lead to disaster. One of the most compelling sections of this report is an analysis of what happens to companies in the aftermath of a ransomware incident. Researchers determined that for companies that have faced ransomware head-on, data loss (22.34%) and downtime (22.13%) were the most common consequences reported. Rounding out the top five most-cited consequences were reputation damage (15.24%), lost profits (13.57%) and compliance failures (9.39%). All three of those elements keep the expense of a ransomware incident snowballing, creating major danger for the long-term viability of the victimized businesses. 

Consequences of a Ransomware Attack for Clients 

Downtime 22%  

Lost Data 22%  

Lost Profits 14%  

Data Recovered (Paid Ransom) 5%  

Data Lost (Paid Ransom) 6%  

Reputation Damage 15%  

Compliance Failure 9%  

Other 2%  

Clients Not Affected 5%  


Learn The Truth About Ransomware & tricks for defending against it from experts! WATCH WEBINAR>>


 Ransomware Recovery Expenses Last for Years 


A cyberattack like ransomware not only does hefty damage upfront, but it also carries a long tail with a sting on it for any company unfortunate enough to experience a ransomware-related data breach. Organizations will not see the full picture of the cost of a data breach right away. It can take more than two years for the dust to settle.  

  • Around 61% of the cost of a data breach is paid in the first year after impact. 
  • 12 – 24 months after the incident, an estimated 24% of the cost of a data breach comes due.  
  • The final 15% of the cost of a data breach can arrive more than two years after that. 

Ransomware can shut down businesses entirely, especially businesses that use technology to run factories, operate and manage infrastructure or facilitate transportation. In the wake of an incident, an organization that has been hit faces an average of 21 days of downtime. How? According to a Tech Crunch breakdown: the remediation process for an average-sized organization takes on average 32,258 hours, which when multiplied by the average $63.50 IT hourly wage totals more than $2 million.  

Downtime and lost productivity are two more costly consequences of ransomware attacks that send recovery and impact costs climbing. Ponemon Institute researchers disclosed that phishing attacks, the cause of almost one-fifth of ransomware attacks last year, led to employee productivity losses of $3.2 million in 2021, up from $1.8 million in 2015.   


Get on the road to security success with a 5 Steps to Ransomware Readiness infographic! GET IT>>


Ransomware Recovery Challenges 


Recovery from a scorched-earth attack like ransomware is not a simple proposition. Unitrends researchers noted that one of the most reliable ways to be certain that ransomware has been eliminated from a system is to completely wipe all impacted devices and reinstall them from scratch because reformatting hard drives ensures no remnants of malware remain buried within the system. This was the most popular method of recovery among survey respondents with 31.18% performing a bare metal recovery. About 14.12% of respondents spun up new machine image(s) via local virtualization. Another 12.94% performed virtualization on a cloud target and 11.18% of respondents reimaged their machines to their default.  

Techniques Used to Recover from Ransomware  

Bare Metal Recovery 31%  

File Level Restore 17%  

Local Virtualization 14%  

Cloud Virtualization 13%  

Other 12%  

Paid Ransom 2% 

Paying Ransoms Doesn’t Pay 

Unfortunately, 3% of businesses in this survey chose to pay the ransom. Paying a ransom may not be legal, and it rarely results in a good outcome for businesses. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that paying ransom to cybercriminals is likely to be unlawful. Organizations that pay ransoms to cybercriminals or facilitate ransomware payments on behalf of victims, including financial institutions, cyber insurance firms and companies involved in digital forensics and incident response, are violating OFAC regulations.   

Paying a ransom is unlikely to get a company’s data back. Less than 60% of companies that pay the ransom when they’ve been hit by a ransomware attack are ever able to recover even part of their data, and 39% of companies that pay a ransom never see any of their data again. Paying the ransom also doesn’t reduce a company’s chance of being hit again. In fact, recent findings from cybersecurity vendor Cybereason indicate that 80% of organizations that were hit with a ransomware attack and chose to pay a ransom experienced a second attack, and nearly half believe the second attack was carried out by the original perpetrator.  


Turn no to yes with techniques for dealing with unknowingly ignorant decision-makers! WATCH WEBINAR>>


Stop Ransomware Before It Starts with Graphus 


Stopping ransomware starts with stopping phishing. Establish a smart defense against ransomware threats in a flash with automated, AI-powered email security from Graphus. The ideal choice to combat the flood of dangerous phishing email heading for every business, Graphus layers security for more protection with three powerful shields.  

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.   
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.     
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.  

The choice is clear: smart, automated email security is the right move for businesses in 2021 and beyond. Let us help you give your business the big benefits of automated security at a small price without sacrificing functionality or innovation when you choose Graphus. Book a demo today.


See how to avoid cybercriminal sharks, phishing & ransomware in Phishing 101. DOWNLOAD IT>>


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus