I've worked a lot of #ransomware incidents and I've found that most companies don't realize what the true cost of a ransomware incident is.

But isn't it just paying the ransom or restoring and you're done? Nope. Here are the (potential) costs (based on my experience): (1/X)
Cost 1. Insurance

Wait, won't insurance help me recover money? Yep. But there's a little thing called a deductible. So, while this isn't a direct cost, it's still gonna cost you money. (2/X)
Cost 2. Incident Response

The ransomware didn't just appear in your network. You need to figure out root cause, what the attackers did in your network, and what (if any) data was taken. If you don't have IR figure all this out, it will happen again. (3/X)
Cost 3. Legal

Legal will be the ones to tell you how to navigate the minefield of reporting obligations, ensure your communications are privileged so opposing counsel can't see them if you get sued, and advise you if paying the ransom will get your butt thrown into jail. (4/X)
Cost 4. Crisis Communications

Sure you have a communications team, but have they ever dealt with a crisis? How will you notify your customers? What will you say?
If your team has never gone through this, you'll need a crisis communications firm to tell you what to do. (5/X)
Cost 5. IT Support

You aren't going to (correctly) recover from a ransomware attack over the weekend. Recovery is a 24x7 job and your IT will burn out if you work them like that. Orgs often need to bring in extra help and expertise to rebuild things properly and quickly. (6/X)
Cost 6. Ransom

Every ransomware incident forces a decision on whether to pay the ransom. Sometimes it's the only way to get your data back or prevent highly sensitive data from being leaked. Hopefully you won't ever have to pay, but if you do need to, you should also get ... (7/X)
Cost 7. Ransomware Negotiator

... a ransomware negotiator.

These are organizations that specialize in helping reduce the ransom amount and ensuring your data is deleted (although, surprise surprise, attackers often don't completely delete your data). (8/X)
Cost 8. Other Costs

Is that it? No.

There are lots of other costs associated with ransomware attacks. Examples include fines, hardware and software recovery costs, loss of productivity, lawsuits, loss of customers, ongoing monitoring, etc., and more I'm sure. (9/X)
My point here wasn't to scare anyone, just to get organizations thinking about the true costs of a ransomware incident.
BTW, if I missed a common cost let me know in a tweet.

Thread by Tyler Hudak