Ransomware demand costs could exceed $1.4 billion in the U.S. in 2020, according to a new Emsisoft report derived from some 450,000 incidents submitted to ransomware identification service ID Ransomware in 2019.
Combining the cost of ransomware with the price of the resulting 16-day downtime might drive the expected overall cost of ransomware attacks to a high of $9.3 billion in the U.S., Emsisoft’s cyber researchers said. A conservative estimate pegs the overall cost at $2.3 billion, according to the company’s figures. At this point, the average ransomware demand is about $84,000 with one-third of victims paying the ransom.
The numbers are part of a 10-country investigation Emsisoft conducted to assess the worldwide cost of ransomware demands and downtime, taken both separately and together. Emsisoft acknowledged that it estimated costs based on a limited amount of information and massaged the data, taking into consideration the number of ransomware incidents reported to ID Ransomware.
Among the countries Emsisoft examined, only Italy came within 50 percent of the U.S. in the cost of ransomware demands for 2020. Globally, the cost to ransomware victims could range from $6 billion on the low end to $25 billion at the high end for all 10 countries measured. Keeping in mind that downtime is experienced whether or not a ransom is paid, when the average downtime period is added to the cost of a ransomware attack, the totals rise significantly, ranging widely from $42.4 billion to $169.8 billion worldwide.
“Ransomware presents a significant risk to election security and, therefore, it is imperative that governments act quickly and decisively to address the problem and mitigate risks,” Emsisoft wrote. The intention of the report is to “shine a light on the massive economic impact of these incidents” to help governments and law enforcement agencies “formulate a proportionate response to the ransomware crisis.”
Here are some additional forecasts (ransomware + downtime costs) for the top five countries for 2020:
- Italy: $1.1 billion - $4.3 billion
- Germany: $1 billion - $4 billion
- Spain: $830 million - $3.3 billion
- UK: $469 million - $1.9 billion
- France: $121 million - $485 million
Costs associated with ransomware demands and downtime may be “significant over- or underestimates,” Emsisoft said. Still, the calculations are based on the best information available, the researchers said. If anything, Emsisoft said it had “almost certainly significantly understated” the cost of ransom demands plus downtime.
An Emsisoft report released last December examined the number of ransomware attacks on the U.S. public sector and the cost of those attacks.