SEC filings show hidden ransomware costs and losses


The ransomware scourge reached unprecedented levels in 2021, with ransomware threat actors demanding, and in many cases receiving, ransom payments in the millions of dollars. The world’s largest meat processor, JBS, confirmed in June 2021 that it paid the equivalent of $11 million in ransom to respond to the criminal hack against its operations.

Colonial Pipeline paid $4.43 million to its ransomware attackers in May 2021, although in a subsequent operation, the U.S. Department of Justice (DOJ) seized $2.3 million of that amount. In May, backup appliance supplier ExaGrid paid a $2.6 million ransom to cybercriminals who targeted the company with Conti ransomware.

The actual costs of ransomware attacks, including lost revenue, can far eclipse the simple dollar amount of any ransom paid. For most private companies, the costs of ransomware attacks, and even the attacks themselves, can be hidden from view, which is one reason why mandatory ransom payment reports for all organizations became law last week.

On the other hand, publicly traded companies are obligated to report to the U.S. Securities and Exchange Commission (SEC) any cyber incidents that materially affect their operations, including ransomware attacks. Most publicly traded corporations registered with the SEC fulfill this obligation by reporting these attacks on an SEC form called 8-K. (Note: the SEC is developing plans to require all publicly traded firms to report material cybersecurity incidents within four days after the registrant determines that it has experienced such an incident.)

CSO's examination of 8-K filings at the SEC found 30 publicly traded companies that reported a ransomware incident, paid ransomware-related expenses, or received ransomware-related insurance reimbursements during 2020 and 2021. Although most of these filings deemed the ransomware attacks not material or lacked financial data to spell out the costs experienced in dealing with the incidents, seven contained sufficient cost data to shed light on how high the costs of a ransomware incident can go.

Ransomware costs one company $50 million in legal expenses, another $64 million in lost revenue

The following are snapshots of what these filings had to say.

Copyright © 2022 IDG Communications, Inc.


