First-order harms: Direct targets of ransomware attacks.
The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or Industrial Control Systems; one example is when ransomware's impact on IT prevents other systems from working properly.
An organization's incident response to ransomware might impact business because incident handlers often need to isolate parts of the IT infrastructure to conduct their remediation and recovery operations - sometimes for weeks.
The financial harm attributed to ransomware attacks, while being very impactful for organizations, can be tricky to estimate.
The psychological harm of ransomware attacks on staff is intense and is often overlooked.
Considerable stress for the individuals involved in responding to ransomware attacks can lead companies to hire a post traumatic stress disorder support team.
Staff might experience physical harm as a result of ransomware attacks; possible effects are weight changes, sleep deprivation, mental exhaustion, physical burnouts, heart attacks or stroke.
Second-order harms: Indirect consequences of ransomware attacks.
For starters, ransomware attacks on outsourced IT sources might be harmful; cloud service providers might be attacked, and their customers might end up with their own data being lost.
Ransomware attacks might steal data from companies indirectly via their suppliers, which might result in the data being exposed publicly or sold to other cybercriminals in underground marketplaces.
Individuals' health can be harmed by ransomware attacks.
Ransomware attacks in some cases have forced hospitals to postpone surgeries or disrupt patients' cancer treatments, which also causes a lot of stress and anxiety in addition to the delays.
Individuals might be financially impacted; for instance, in the U.K., ransomware attacks against local authorities disrupted residents' abilities to access housing benefits.
The Russian-speaking ransomware attackers whose operations benefit from a safe harbor in Russia, the state maintaining close ties with cybercriminals or groups, and co-opting them or their capabilities for its own needs, according to the study.
There can be societal harm in reaction to ransomware attacks.
Victims of ransomware attacks rarely share their experiences.
Regarding infrastructure, clear incident response feedback needs to be shared amongst all staff involved in incident response to help increase efficiency if another ransomware attack hits the company later.
Organizations should help staff that are highly involved in ransomware incident response and might suffer from PTSD by offering them the possibility to consult medical or psychological experts.
Ransomware attacks and their impacts are well understood from a technical point of view, yet it is difficult to estimate the costs to recover from those attacks and even more difficult to estimate all the impact they have on nations, organizations, staff and individuals.
The psychological impact of ransomware attacks in particular is largely overlooked and should be taken into much more consideration.
This Cyber News was published on www.techrepublic.com. Publication date: Mon, 29 Jan 2024 21:13:04 +0000