In recent months, a proliferation of ransomware attacks has affected everyone from personal-computer and smart-phone owners to hospitals and police departments. An attack works like this: A virus arrives and encrypts a company’s data; then a message appears demanding a fee of hundreds or thousands of dollars. If the ransom is paid in time, the information is restored. “At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches,” Josephine Wolff noted in The Atlantic back in June.
According to an FBI tally, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. However, that figure was based only on the complaints that victims reported to the bureau. In a new report, Datto, a Connecticut-based cybersecurity company, offers an alarmingly higher estimate that accounts for unreported incidents and lost productivity, which costs businesses far more than paying ransoms does.
The company’s survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks. The report found that “less than 1 in 4 ransomware incidents are reported to the authorities.” Factoring in the cost and average amount of time lost to infections—an overwhelming majority of small businesses hit by ransomware face at least two days of downtime—as well as the number of businesses affected by them, Datto suggests that the financial impact of this brand of cybercrime starts in the range of $75 billion each year.