This article is more than 1 year old
Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority
Spreadsheet breaks down spend on staving off future badness
An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it – and that’s still not the end of it, according to US news reports.
The sum, spent by Baltimore County Public Schools, will doubtless raise some eyebrows and the public breakdown of the costs will be eye-opening for the infosec industry and potential corporate ransomware victims alike.
A spreadsheet obtained by Fox 45 News Baltimore, a TV station, revealed the $8.1m spending and also broke it down into individual line items.
NEW:
— Amy Simpson (@AmySimpsonTV) June 15, 2021
We're learning more about the price tag of ongoing recovery from the ransomware attack on @BaltCoPS in November.
BCPS provided this line-by-line breakdown of costs -- now totaling more than $8.1 million dollars.@FOXBaltimore pic.twitter.com/07Lp7D4laQ
Of the full sum, $2m alone was spent on “ERP cloud transition and recovery” with provider CGI. A Dell (VMware) Carbon Black cloud-based endpoint security licence for one year of Windows protection came in at $699,298, while $606,648 was spent on device monitoring and tracking.
Just $2m of the $8m spend was covered by insurance, the spreadsheet showed, also noting $11,500 in ransomware negotiation costs. There was no line item explaining whether a ransom was paid or if so, how much it was.
- Hospitals cancel outpatient appointments as Irish health service struck by ransomware
- Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid
- Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data
- Ryuk this for a game of soldiers: Ransomware-flingers actively targeting hospitals in the US, cyber agencies warn
As we reported when it first happened, the BCPS network was infected by Ryuk ransomware in November last year. 115,000 children were unable to access remote classes (being held online due to the pandemic) and were cut off from school for a week while administrators rebuilt critical systems.
The attention of news outlets moved on after a few days (possibly a result of BCPS’ $50,000 spend with FTI Consulting on PR advice), but the enduring tech and financial damage is still being felt months later.
Infosec firm Sophos said in April that the average cost of getting over a ransomware attack is $2m, a sum that “has more than doubled in a year”. Last year French-headquartered IT outsourcer Sopra Steria said a Ryuk attack was set to cost it between 40 and 50 million euros after “a previously unknown strain” compromised its Active Directory server.
Ryuk is one of a handful of high-profile ransomware strains being deployed as part of the ransomware-as-a-service market against predominantly Western targets.
Today, US president Joe Biden and Russian president Vladimir Putin are due to meet for the first time; among other topics, Biden will be raising the issue of Russia’s shielding of ransomware gangs from legal consequences for their actions. ®