A new report claims the cost of ransomware attacks in Australia could have topped $1 billion last year.
Cybersecurity firm Emsisoft has crunched the numbers and found that when you add together the cost of Bitcoin payouts and downtime costs due to ransomware attacks, Australians could have lost up to $1,079,014,560.
It’s not a precise figure, however, but rather a broad estimate to highlight the enormous sums involved in ransomware attacks.
Emsisoft says the minimum that Australians lost last year was $269,753,640.
Average ransom increasing
The estimate was based on 2874 confirmed ransomware attacks in Australia reported to ID Ransomware. In total, ID Ransomware received 452,151 submissions worldwide.
The average ransom demand is $84,000 in Bitcoin – although that figure has been increasing rapidly in the past month.
About one-third of companies actually pay the ransom, but costs snowball either way as incidents result in an average of 16 days of downtime.
Australia doing well compared to other countries
Australia was eighth on the list of ten countries that Emsisoft produced figures for.
The United States topped the list with an estimated cost of $9.3 billion, and a minimum of $2.32 billion.
It was followed by Italy ($4.35B/$1.1B), Germany ($4.01B/$1B) and France ($3.3B/$0.83B).
Only Austria and New Zealand had lower ransomware costs than Australia.
Emsisoft spokesperson Brett Callow noted that given the difficulty of getting solid numbers, the figures were estimates only.
“Ransomware costs $6,266,812,860. At least,” he said, referring simply to the minimum total of ransom demands.
“While our calculations may be significantly under- or overestimated, this nonetheless provides an indication of the enormous economic toll that ransomware is taking.”
The report noted that: “While the above costs may seem extraordinarily high, it should be remembered that ransomware incidents can be exceptionally expensive – for example, Norsk Hydro estimated its ransomware-related losses at more than $50 million.”
The minimum cost figure was calculated by reducing the submissions number by 50% because around half of ID Ransomware’s reports related to STOP ransomware, which has lower ransom demands and targets home users.
Around 25% of ID Ransomware reports come from public and private sector organizations, so the ‘estimated cost’ is based on the reduced figure times 4.
The cost of downtime was estimated at $10,000 per day. While a big number, it pales in comparison to a Gartner estimate that previously put the average at more than $5,600 per minute.
“This [$10k] figure has no basis in reality and we have included it simply to illustrate the enormity of the costs. The actual costs are almost certainly much higher,” Emsisoft noted.