Abstract
Cyberattacks, and thus cybersecurity risks, have accelerated over the past years. Cyberattacks are based on threat event attack types, as described in Chap. 2. Among these threat event attack types, ransomware is probably the No. 1 challenge that industrial, public, and private organizations are facing. Ransomware is a type of malware that typically locks the data on a targeted computer system or a user’s files by encryption. The attack demands a payment (ransom) before the ransomed data is decrypted and access is returned to the targeted user, but ransomware comes in many forms. In this regard, ransomware is a type of malware used by cybercriminals for financial gain. Typically, a ransom note is installed on a targeted computer system at the same time the data/files are encrypted. The note includes information on the ransom demands, meaning the amount of the ransom, a deadline for payment, and instructions on how to reach and pay the ransom, providing details on the cryptocurrency wallet or other wiring information to complete the transaction. In this context, ransomware is a two-step extortion: Step 1 is to encrypt and extract the data/information; Step 2 is to negotiate the ransom. However, over the past years, ransomware has evolved into Ransomware-as-a-Service (RaaS), because ransomware has proven to be an effective approach for cybercriminals to hit it big, in terms of both payouts and notoriety. One of the cases was the 2020 SolarWinds supply chain attack. Cybercriminals targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software platform, which is used by thousands of industrial organizations and government agencies worldwide; the code creates a backdoor through which cybercriminals access and impersonate users and accounts of the targeted organizations’ systems.
The SolarWinds supply chain attack was a major cybercriminal event because it was not a breach of a single company; it triggered a much larger supply chain incident that affected thousands of organizations, including the US government. In this cyberattack, the cybercriminals took tools that had been in use for many years, developed them further, and adjusted them with new attack patterns, and they hit it big in terms of payout and notoriety. Such ransomware attacks led to an evolution that capitalizes on a growing number of cybercriminals who want to get in. These successful cybercriminals started as cybercriminal entrepreneurs offering RaaS, which makes carrying out ransomware attacks much easier for other cybercriminals, lowering the barrier to entry and expanding the reach of ransomware. In this cybercriminal business model, the RaaS entrepreneur gains a percentage of the ransom paid to the new cybercriminal or group of cybercriminals who use RaaS under a license model to attack organizations for a ransom. Against this background, Sect. 6.1 of Chap. 6 introduces ransomware attacks and the ransomware landscape, whereas Sect. 6.2 focuses on ransomware attacks and scenarios in Sect. 6.2.1 and on ransomware attacks on OT systems in Sect. 6.2.2. Section 6.3 covers the Cost Factors of Ransomware Attacks (CFoRA) and introduces a useful design of the approaches for Recovery Point Objective (RPO) and Recovery Time Objective (RTO) in Sects. 6.3.1, 6.3.2, and 6.3.3. The focus in Sect. 6.4 is on Loss of Reputation (LoR) and how to prevent it. Section 6.5 contains comprehensive questions on the topics of ransomware, Cost Factors of Ransomware Attacks, and Loss of Reputation through ransomware attacks. Finally, “References” lists the references used, for further reading.
References
Warikoo, A.: Proposed Methodology for Cyber Criminal Profiling. In: Information Security Journal: A Global Perspective, Vol. 23, No. 4–6, pp. 172–178, 2014
Billois, G., Lahoud, M.: Cybercrime – Ransomware: Number One Cyber Threat. In: Whitepaper Institute Montaigne, 2021. https://www.institutmontaigne.org/en/analysis/cybercrime-ransomware-number-one-cyber-threat (Accessed 12.2022)
State of Ransomware: Invest now or pay later. CRA Business Intelligence Study, 2022. https://resources.menlosecurity.com/reports/state-of-ransomware-invest-now-or-pay-later (Accessed 12.2022)
Ransomware. Imperva Whitepaper, 2022. https://www.imperva.com/learn/application-security/ransomware/A (Accessed 12.2022)
Challita, A.: The Four Most Popular Methods Hackers use to Spread Ransomware. Whitepaper ITProPortal, 2022. https://www.itproportal.com/features/the-four-most-popular-methods-hackers-use-to-spread-ransomware/ (Accessed 12.2022)
Arntz, P.: Threat Spotlight: CrySis, aka Dharma ransomware, causes a Crisis for businesses. Malwarebytes Lab Whitepaper, 2019. https://www.malwarebytes.com/blog/news/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses (Accessed 12.2022)
Beltov, M.: LowLevel04 Ransomware Virus – Removal Steps and Protection Updates. 2016. https://bestsecuritysearch.com/lowlevel04-ransomware-virus-removal-steps-protection-updates/ (Accessed 12.2022)
Malware Analysis Report: Nemucod Ransomware. Center for Internet Security Whitepaper. 2022. https://www.cisecurity.org/insights/blog/malware-analysis-report-nemucod-ransomware (Accessed 12.2022)
Threat Landscape Dashboard RIG Exploit Kit. https://www.mcafee.com/enterprise/en-us/threat-center/threat-landscape-dashboard/exploit-kits-details.rig-exploit-kit.html (Accessed 12.2022)
The State of Ransomware 2022 – Sophos News. https://news.sophos.com/en-us/2022/04/27/the-state-of-the-ransomware-2022/ (Accessed 12.2022)
Unit 42 Ransomware Threat Report 2022. https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf (Accessed 12.2022)
Why Ransomware Attacks on OT Systems are Growing. Cyolo Team Blog, 2022. https://cyolo.io/blog/ot/why-ransomware-attacks-on-ot-systems-are-growing/ (Accessed 12.2022)
https://www.cisa.gov/publication/ransomware-awareness-campaign-fact-sheet (Accessed 12.2022)
Shmuely, H.: How to increase the Security of OT Systems with Zero Trust. Cyolo Blog, 2022. https://www.cyolo.io/blog/ot/how-to-icrease-the-security-of-ot-systems-with-zero-trust/ (Accessed 12.2022)
Buchanan, S., Proctor, P., Hayes, B.: Measure the Cost of Cybersecurity Protection. Gartner Report ID G00764671, 2022
Dukin, J., Stellwag, D.: Cost Factors of a Ransomware Attack – A Description of the possible Threat of a Ransomware Attack on IT and OT systems with reference to the possible Costs with Consideration of reasonable RTO and RPO. Student Project at the Course IoT and IIoT at TU Clausthal, Germany, 2022
Grimes, R.A.: Ransomware Protection Playbook. John Wiley & Sons Inc., 2021
Sjouwerman, S.: Seven Factors Analyzing Ransomware’s Cost to Business. In: Forbes Technology Council Post, July 29, 2021. https://www.forbes.com/sites/forbestechcouncil/2021/07/29/seven-factors-analyzing-ransomwares-cost-to-business/?sh=65dc91a92e98 (Accessed 12.2022)
Möller, D.P.F.: Cybersecurity in Digital Transformation: Scope and Application. Springer Nature 2020
Luber, S., Schmitz, P.: Security Insider – Definition Disaster Recovery. In: Vogel Communications Group, 2020. https://www.security-insider.de/was-ist-disaster-recovery-a-732206/ (Accessed 12.2022)
Ransomware Recovery. Zerto Whitepaper, 2022. https://www.zerto.com/resources/essential-guides/ransomware-recovery-guide/#5 (Accessed 12.2022)
Ransomware Readiness Checklist. In: Zerto Whitepaper, 2022. https://www.zerto.com/wp-content/uploads/2022/02/Ransomware_Iceberg-Infographic_Checklist-1.pdf (Accessed 12.2022)
Litone, M.: Mission-critical Network Planning. Artech House Publ. 2003
Marget, A.: RPO and RTO: What are they and How to Calculate Them. In: Unitrends Whitepaper 2022. https://www.unitrends.com/blog/rpo-rto (Accessed 12.2022)
https://www.druva.com/glossary/what-is-a-recovery-point-objective-definition-and-related-faqs/ (Accessed 12.2022)
A Salamanca, F., Jimenez, J.: Implementing Automated Replication for Cost Effective Disaster Recovery. 2011. https://dsimg.ubmus.net/envelope/157842/313522/1332863421_3_21_Implementing_automated_replication_for_cost_effective_disaster_recovery (Accessed 12.2022)
What is a Recovery Point Object and How to Calculate one. In: Indeed Editorial Team, 2022. https://www.indeed.com/career-advice/career-development/recovery-point-objective (Accessed 12.2022)
https://www.f5.com/services/resources/glossary/recovery-time-objective-rto (Accessed 12.2022)
Kerner, S.M.: Recovery Time Objective: In: techtarget Notes, 2022. https://www.techtarget.com/whatis/definition/recovery-time-objective-RTO (Accessed 12.2022)
https://www.gremlin.com/community/tutorials/testing-disaster-recovery-with-chaos-engineering/ (Accessed 12.2022)
Kirvan, P., Sliwa, C.: What is Business Impact Analysis?. Techtarget Whitepaper, 2022. https://www.techtargete.com/searchstorage/definition/business-impact-analysis (Accessed 12.2022)
Global Risk Management Survey. Aon PLC, 2019
Taylor, T.: How Reputational Damage from a Data Breach affects Consumer Perception. Securelink, 2022. https://www.securelink.com/blog/reputation-risks-how-cyberattacks-affect-consumer-perception/ (Accessed 12.2022)
Secure your Mission-Critical Systems and fill Security Gaps in Access Management. https://www.securelink.com/why-choose-securelink/ (Accessed 12.2022)
Taylor, T.: What is Access Governance. SecureLink, 2021. https://www.securelink.com/blog/what-is-access-governance/ (Accessed 12.2022)
Taylor, T.: What is Access Control. SecureLink, 2021. https://www.securelink.com/blog/what-is-access-control/ (Accessed 12.2022)
Taylor, T.: What is Access Monitoring. https://securelink.com/what-is-access-monitoring/ (Accessed 12.2022)
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this chapter
Möller, D.P.F. (2023). Ransomware Attacks and Scenarios: Cost Factors and Loss of Reputation. In: Guide to Cybersecurity in Digital Transformation. Advances in Information Security, vol 103. Springer, Cham. https://doi.org/10.1007/978-3-031-26845-8_6
DOI: https://doi.org/10.1007/978-3-031-26845-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26844-1
Online ISBN: 978-3-031-26845-8
eBook Packages: Computer Science (R0)