You arrive at the office one morning, sit down at your computer, and see a message on your screen demanding payment in bitcoin to get access to your files. What you don't know yet is that every computer in your company is displaying the same message. Whether you pay the ransom or not is something only you can decide. In this post, I'm going to try to lay out how much you can expect to pay if you don't, or if you do and you don't get your files back anyway.
First, you are going to have to send people home. This depends on what each person does, of course, but if they rely on their desktop or laptop to work, they won't be able to work for a couple of days. Are you going to pay people while you recover? Plan on a day or two of typical labor expense for your business.
Second, your business is going to be hobbled while the recovery takes place. How will you take payments, accept appointments or reservations, answer emails? Even your phones may be down. How will customers reach you? Unless customers walk into your business and buy things with cash, you should plan to lose at least one day of revenue.
If you have the capability to perform a bare-metal restore, you are in luck. Plan to spend about 4 hours for each laptop and workstation on the restore operation. Plan for an entire day for each server. Then add another hour for each device to apply patches.
If you are not doing a bare-metal restore, for each laptop, workstation, and server in your company, plan for two hours of labor for someone to reinstall the operating system and bring it current with patches. Now add another hour or two to reinstall all the applications (office application suites, accounting software, business-specific software). If you didn't keep the license keys somewhere, you'll most likely need to repurchase that software. You may be forced to buy a newer version of the software than you had been using, as the old version may no longer be available. Now add an hour for each laptop and desktop to restore the user files. And finally, plan for it to take the rest of the day and into the evening to restore the data on each server.
If you don't have a recent backup, the files that you created subsequent to that backup are gone. If you don't have a backup at all, or the one you do have will not restore, all of your files are gone. Changes made to files subsequent to the last good backup are also gone. Only you can determine how much those files and/or missing updates are worth. At the very least they are worth whatever you paid to have them created or updated, only now times two because they have to be recreated, if that's even possible.
You're back in business now. It has been a physically and emotionally draining couple of days since you first walked into your office and saw that ransomware demand. Over the next days and weeks, you are going to discover other things that you lost. So, how much did all this cost? It's hard to say since the math is different for every business. However, I think I've given you enough information to make a ballpark estimate of the cost.
Now you have to decide how much you want to invest to make your recovery faster and more complete. If you think this is something that can't happen to you, think again. Or think about what would happen if there were a fire or a flood or a disgruntled employee. Think those things can't happen to you? If they do, you are facing the same recovery scenario, only now you may have to buy new computers as well.