Last week, the semiconductor conglomerate Applied Materials, stated during an earnings call that it estimates that a ransomware attack on one of its suppliers would cost the company $250 million in the upcoming quarter. While the company did not reveal the identity of the supplier in question, industry analysts suspect the company in question was MKS Instruments, a technology and engineering firm, which recently announced the postponement of its fourth-quarter earnings call due to a ransomware attack.
MKS Instruments said that it is still in the process of recovering from the ransomware attack it disclosed earlier this month, which significantly impacted the company’s ability to process orders, ship products, and provide service to its customers in its Vacuum Solutions and Photonics Solutions Divisions.
Additionally, the company stated that it is still unsure of the full scope of the costs and impacts related to the attack, and it is currently determining whether its cyber insurance will cover any of the expenses. Due to the ransomware attack, MKS Instruments also decided toe rescheduled reschedule their earnings report to February 28 to provide the company with more time to address the financial impact of the event.
Ransomware is no longer just a cyber threat
This incident further emphasizes the impact that ransomware attacks can have on businesses besides the cost of the actual ransom, which can often be easily overshadowed by the additional costs, such as the inability to process orders, ship products and provide services. This is what makes ransomware a commercial threat, making implementation of effective anti ransomware solutions so important.
It’s already a global consensus that with ransomware it’s no longer a matter of if, rather when your organization is going to be targeted by a ransomware group. If the attack is successful, the ransom itself is usually just a small part of the total costs incurred. Today’s ransomware attacks usually involve triple, if not quadruple extortion techniques. This means that the victim isn’t exposed to just losing their data if they don’t pay the ransom. Failure to play ball with a ransomware attacker usually leads to confidential company (and/or customer) data being leaked or sold to the public. Not only this, but threat actors have now started to actively attack organizations who refuse to pay with distributed denial of service (DDoS) attacks to further cripple the organizations’ ability to conduct business.
Companies that suffer ransomware attacks are often attacked again
According to a study, 80% of companies that suffered a ransomware attack and paid the ransom, were exposed to a second attack shortly thereafter. This goes to show that if you’ve suffered an attack, it doesn’t mean the attacker will just move on and leave you alone. On the contrary, a company that has paid ransom could very likely be specifically targeted again at a later stage because the attackers know that they don’t have an adequate anti ransomware solution in place, and that the company would most likely be inclined to pay ransom if hit again.
Ransomware protection is a business solution, not just IT
As you can see, have air-tight ransomware protection in place is a basic must for all organizations from a business prospective, not just from an IT aspect. This is why it’s not just CISOs and IT managers who take the time to ensure their companies are not prone to ransomware. Today, even CEOs and members of the board have an invested interested and obligation to ensure that their company has done all it can to ensure that they will not be next to appear in newspaper headlines as the latest victim of a ransomware attack