Envista Named to Inc 5000 List of Fastest-Growing Private Companies. Read More.

×
Digital Forensics, Equipment Loss

Post-Ransomware Cost Review

25 October 2021

Envista's Data Loss Consulting team was brought in by a carrier to confirm a ransomware attack and determine the cost to remediate the damage. The insured was a mid-sized manufacturing company that sustained a ransomware variant that encrypted production data as well as inventory and accounting information.

During a ransomware event, a virus changes user data by converting it into a non-usable format via encryption. Then, a "ransom note" message is displayed that offers to decrypt the data in exchange for a form of digital payment. A ransomware virus can move throughout a network and impact any connected resources including backups.

The goal of any investigation after a ransomware attack is to provide recommendations for fair and reasonable costs to restore the network to pre-loss condition. A Data Loss Consulting expert was tasked with determining whether equipment replacements or upgrades were necessary and evaluating costs related to maintaining or installing software.

Due to the ransomware issue, the insured was looking to replace their server, network, and workstation equipment following the attack and claimed $50,000 in damages, which also included overage charges related to the business' online backup software.

In this case, an Envista expert determined that the ransomware attack did not physically damage the equipment, so it could be wiped and re-loaded instead of replaced, therefore the cost of the claim was to reload infected equipment only and restore a backup once overage charges were paid on the backup system, which was approximately $25,000. This amount could restore the network to pre-loss conditions and support overage charges in the data backup system. As such, Envista helped save our client $25,000.

NOTE: In some ransomware cases, limited purchases of IT equipment do occur, such as drives to speed up the data recovery process and store the encrypted files in case decryption becomes available via the IT community. However, as the goal is to restore the network to pre-loss condition, replacement of equipment or upgrades to security and software are not typically covered.

Has a recent catastrophe affected you?

Our experts are ready to help.

About The Author
Jared Fegan
Jared Fegan
Senior Project Consultant, IT Hardware
How Can We Help You?

We have experts in multiple disciplines all around the world. Talk to us and we'll help you find the right expert for the job.

 Envista Forensics Logo
Explore Our Site

Our job is to solve complex problems for our clients, in the face of a disaster. We serve business owners, small and large, no matter where they are in the world, and no matter what problem they are facing.