Downtime: The Real Cost of Ransomware

In our latest blog, LoughTec CTO Cathal Green explains that whilst it is difficult for businesses to resist paying ransoms, the real cost of ransomware is often the downtime a business experiences after a cyber attack.

Modern-day ransomware attacks are vastly different from the malware attacks of the past. Threat actors have become so sophisticated in their techniques that it has become tougher and tougher for companies to detect and recover from these malicious activities.

Since 2016, more than 4,000 ransomware attacks have happened daily. And a host of new and evolving cybersecurity threats are continuing to put companies on high alert.

Recently, a cyberattack forced the shutdown of Colonial Pipeline—one of the largest fuel pipelines in the United States—and led to widespread shortages at stations along the east coast. To quickly get systems up and running, Joseph Blount, CEO of Colonial Pipeline, authorised a payment of nearly $4.5 million to the hacker group. “It was one of the toughest decisions I have had to make in my life,” Blount said in a CNBC interview.

Resisting ransom payments is difficult. But paying the ransom feeds the false promise that it will be quicker and easier to undo the damage, when in reality recovery is about prioritising the restoration of the critical data, applications, and systems needed to run the business.

Why Paying Up Doesn’t Pay Off

Many organisations feel huge pressure to pay ransoms because they can’t afford to be offline or locked out of mission-critical systems and applications for days or weeks. The average downtime a company experiences after a ransomware attack is 7-21 days. Downtime is the most expensive aspect of a ransomware attack. The cost of recovering from a ransomware attack is generally 10 times the size of the ransom payment.

The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from £761,106 to £1.85 million in 2021. It’s no surprise that this figure can potentially be much larger for organisations in certain industries, such as financial services, energy, and healthcare, where there’s a more direct impact on consumers.

Backups Only Address a Small Part of Ransomware Recovery

For more than 50 years, backup software has proven reliable in restoring data after application failures or data corruption issues. However, modern businesses rely on enterprise apps, and their data is mission-critical.

A large enterprise with modern applications might have thousands, or hundreds of thousands, of transactions in a single day. It can’t afford to protect data with a once-a-day backup. Many backup solutions also have legacy security models, which make them vulnerable to compromise and allow cyber attackers to take control of snapshot data.

Restoring from backups at scale requires a significant amount of effort. The process of restoring from backups has to be perfectly coordinated across several groups working together, notably backup and storage administrators, application DBAs, developers, and networking personnel. Even if it’s a successful backup, companies can only recover a file or a VM. Teams still need a way to start and configure the application and database servers to get an application fully up and running.

Ransomware attacks involve huge undetected dwell times. A recent IBM study found the average time to detect and contain a data breach is 287 days (212 to detect, 75 to contain). The timestamp delta between the last known good backup and the production application state right before the attack can be large. This gap typically represents significant losses in data, which adds to the total impact.

Do you know when most organisations try to restore for the first time? After they’ve been hit by ransomware. And that is the biggest factor in whether it brings a business down or takes a couple of hours to clean up.

If you strengthen your backup and have a Disaster Recovery Plan for all your critical business processes, the cost of recovery will always be less than paying the ransom for an uncertain outcome.

Final Thoughts

Ransomware attacks have become so common that it’s no longer a matter of if, but when, and the aftershocks are instant and painful. The expensive ransomware pay-outs, downtime costs from shutting down company operations, and permanent loss of company data can be detrimental to companies, and most don’t survive longer than 6 months after a complete loss.

An organisation’s readiness level in each stage of the incident response process will determine whether it pays the ransom or not. In other words, the less prepared you are, the easier it will be to pay the ransom.

Having a sound prevention and recovery plan for ransomware must be a top priority for every organisation, and it should not stop at solely implementing traditional cybersecurity and backup applications. These two applications serve their purpose, but they can’t be relied on as the only solution. Preventing long downtimes requires activating a recovery plan for your business-critical applications.
