BEC vs Ransomware: Which one is the worst?


Business Email Compromise (BEC) and ransomware are two different types of cyber threats that can have a huge impact on a business. According to the Internet Crime Report 2022 produced by the FBI Internet Crime Complaint Center (IC3), there were 19,954 BEC complaints to IC3 with adjusted losses at nearly US$2.4 billion. In 2021, the IC3 received 3,729 complaints identified as ransomware with adjusted losses of more than $49.2 million.

Business Email Compromise (BEC), or Email Account Compromise (EAC), is an email-based scam that tricks employees into sending money to the attacker. BEC is a form of cybercrime that does not require a high level of technical expertise, such as hacking a system, but it still ranks among the most harmful and expensive scams, costing its victims money every year.

Ransomware is a form of malicious software that encrypts data on a computer, rendering it unusable. The data is held captive by the cybercriminal until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Cyber criminals may also pressure victims to pay the ransom by threatening to destroy the victim’s data or to release it to the public.

It can be difficult to compare the seriousness of cyber threats like Business Email Compromise (BEC) and ransomware because they each have unique traits and effects. However, these two notorious cyber threats stand out, so here’s a breakdown of the impact of each threat to find which one is the worst.

Financial Loss

BEC and Ransomware attacks can leave both individuals and organisations with significant financial losses. The financial impact, however, can vary significantly depending on the specific attack, the size and sector of the targeted organisation, and other factors. Here is a general overview of the potential financial impact associated with BEC and ransomware attacks.

Due to fraudulent fund transfers and unauthorised transactions, BEC attacks can cause significant financial losses. According to the FBI’s 2022 Internet Crime Report, losses caused by BEC attacks between October 2013 and December 2021 were over US$43 billion, with adjusted losses of US$2.4 billion in 2021, dwarfing the reported losses attributed to ransomware.

Ransomware attacks can also have a financial impact on organisations when systems and data are encrypted by hackers. Ransom demands can vary widely, from a few hundred to thousands or even millions of dollars. In 2022, ransomware was involved in 25% of all breaches, a dramatic increase in ransomware attacks. Additionally, 66% of organisations were impacted by ransomware in 2021, 78% higher than the previous year.

According to a survey of global IT professionals conducted by Statista, around 72% of respondents paid a ransom to recover their compromised data. However, in 2022, ransomware payments declined by more than 40% compared to 2021 because the victims chose not to pay the ransom. Also, according to the firm’s 2023 Crypto Crime Report, ransomware attackers extorted US$456.8 million from victims in 2022. This represents a significant decline from US$765.6 million in 2021, and US$765 million in 2020.

It is challenging to determine which one is worse because both BEC and ransomware can result in huge financial losses for the company.

Operational Disruptions

Cyber attacks can cause operational disruptions and impact various aspects of organisations. BEC attacks compromise email accounts, which can stop vital business operations like supply chain management, purchasing, or invoicing. For instance, if hackers seize control of email accounts in charge of approving purchase orders, they may modify or redirect orders, resulting in delays, incorrect shipments, or non-payment for goods and services.

Operational disruptions due to BEC attacks will damage organisations that heavily rely on suppliers and partners to carry out their daily operations, because cyber threats targeting suppliers or partners can lead to delays in product delivery and an inability to meet customer demands. This can have a negative impact on customer satisfaction, reputation and revenue.

Ransomware attacks are designed to encrypt the data and systems of their victims, which can seriously disrupt business operations. Many organisations believe that ransomware shouldn’t be a major concern if they have backups that help them quickly restore business operations. However, in modern cyber attacks, the hackers go beyond data encryption in order to cause as much disruption to business operations as possible, including the encryption and deletion of backups.

The latest ransomware attack hit BSI (Bank Syariah Indonesia), the largest sharia bank in Indonesia. On 8 May 2023, ATM and bank office transaction services of BSI went offline. Furthermore, the banking firm’s backup system had malfunctioned during the issue. Following headlines about the BSI security incident, the notorious LockBit ransomware gang took to their leak site to claim the attack. In LockBit’s post, they claimed to have obtained 1.5TB of data from the Indonesian banking firm, which consisted of nine databases of the bank’s employees and over 15 million customers.

BSI’s official website is now working normally. However, Indonesian Vice President Ma’ruf Amin said that this incident was a bad experience for the public because many Islamic organisations and governments use Bank Syariah Indonesia as their only bank account. Therefore, the bank needs to improve its technology to prevent other attacks in the future.

In terms of operational disruption, ransomware attacks pose a higher risk compared to Business Email Compromise (BEC) attacks.


In conclusion, organisations are at serious risk from both business email compromise (BEC) and ransomware attacks, which can disrupt operations and result in losses. While ransomware attacks target technical vulnerabilities to encrypt data and demand ransom payments, BEC attacks primarily target human vulnerabilities through social engineering. Therefore, preventive measures need to be taken to limit the risks associated with these types of attacks.

To prevent BEC/EAC attacks, the company should focus on:

  • Employee education and training

Educate staff members regularly about the danger of Business Email Compromise (BEC) or Email Account Compromise (EAC) attacks, phishing tricks, and how to recognise malicious emails. Training should emphasise the importance of using alternative communication channels besides email to confirm requests for private information or financial transactions.

  • Multi-Factor Authentication (MFA)

For all accounts, especially those with access to confidential information or financial systems, implement MFA (Multi-Factor Authentication). By requesting additional authentication factors from users in addition to a password, MFA adds an extra layer of security.

  • Email Filtering and Protection

Set up reliable and proven email filtering solutions that identify and stop phishing attempts, malicious attachments, and suspicious emails. 

  • Strong Password Policies

Implement strong password policies, such as the use of long, complex passwords that are updated frequently. Discourage using the same password for various accounts.

  • Vendor and Supply Chain Verification

Establish protocols, such as independently cross-checking contact information, to validate vendor or supplier requests for changes to payment details. Implement a safe and consistent process for checking and updating vendor data.

To prevent ransomware attacks, organisations should focus on:

  • Regular Software Updates and Patch Management

The most recent security patches should be applied to all software and systems. Attackers may use vulnerabilities in outdated software to gain unauthorised access.

  • Backup and Recovery Practices

Maintain regular backups of your important data and store them offline or in other safe places. To ensure that backups are reliable and easy to access in the event of an attack, test the restoration procedure.

  • Employee Awareness and Training

Educate employees about ransomware risks, safe browsing habits, and the importance of avoiding suspicious websites, links, or attachments. Also encourage reporting of any suspicious activity or incidents promptly.

  • Endpoint Security Solutions

Set up comprehensive endpoint security solutions, including firewalls, antivirus, and anti-malware tools. Update and monitor these security solutions to detect and mitigate potential threats. 

  • Incident Response Planning

Create and test an incident response strategy to guarantee an efficient response in the event of a ransomware attack. This includes taking action to isolate infected systems, alerting pertinent parties, and interacting with law enforcement and cybersecurity experts.

All-in-One Cybersecurity Platform from ArmourZero

The focus of a business today should be on protecting critical devices and the environment, not just security perimeters, with a high-performing cybersecurity platform rather than with numerous dissimilar and isolated security tools.

ArmourZero understood these needs and built partnerships with experienced cybersecurity specialists to integrate a cybersecurity platform that comprises best-of-breed security solutions from Automox, Avanan, CrowdStrike, DNSFilter, RiskRecon, and WithSecure. ArmourZero integrates cybersecurity services and a Security Operations Center (SOC) that will monitor your company 24/7/365 and help you keep cyber hygiene and policy enforcement up to date.

If you’re looking for a Security-as-a-Service solution to protect your operating systems and third-party applications such as Microsoft Office and Adobe, ArmourZero has partnered with Automox to offer just that. What sets ArmourZero apart from resellers or distributors is that you won’t just receive a security licence, but also a 24/7 SOC to monitor and alert you of any potential threats.

With this service, you can rest assured that you’ll be protected against known vulnerabilities by controlling authorised/unauthorised applications, ensuring continuous patches, and always having up-to-date versions released by the application vendor. If you’re interested, check out our price list for ArmourZero’s Patch Management as a Service and schedule your demo.

Written by: 

Fanny Fajarianti (Performance Marketing). Experienced digital marketer in the information technology and services industry.
