The State of Ransomware 2022 report from the cybersecurity company Sophos shows that 66 percent of the surveyed organizations were affected by ransomware in 2021. A year earlier, it was 37 percent. The average ransom paid nearly quadrupled in 2021, to $812,360.
There were also three times as many organizations in 2021 that paid at least $1 million compared to 2020. 46 percent of organizations whose data was encrypted paid the ransom to get their data back, even though they had other ways to recover the data, such as backups.
The report summarizes the impact of ransomware on 5,600 medium-sized organizations in 31 countries in Europe, the Americas, Asia, the Middle East and Africa, with 965 organizations sharing details on ransomware payments.
Paying is a risky option
“In addition to increasing payments, the study shows that the number of victims paying continues to rise, even when they are likely to have other options available to them,” said Chester Wisniewski, chief investigator at Sophos. “There can be several reasons for this, such as incomplete backups or to prevent stolen data from being displayed on a public website. In addition, in the wake of a ransomware attack, there is often intense pressure to get back to work as quickly as possible. Restoring encrypted data using backups can be a difficult and time-consuming process. Then it is tempting to think that paying a ransom for a decryption key is a faster option, when in fact it is a more risky option. Organizations do not know exactly what attackers have done, such as adding backdoors or copying passwords. If organizations do not thoroughly clean up the recovered data, they will be left with potentially infected material in their network and possibly a repeated cyber attack.”
Paying more and more
One important finding of the global State of Ransomware 2022 research is that ransom payments have increased. In 2021, 11 percent of organizations said they paid a ransom of $1 million or more, compared to 4 percent in 2020, while the percentage of organizations paying less than $10,000 fell from 34 percent in 2020 to 21 percent in 2021. The report also establishes that more victims are paying ransoms. In 2021, 46 percent of organizations whose data was encrypted in a ransomware attack paid the ransom, and 26 percent of organizations that were able to recover encrypted data from backups in 2021 paid a ransom anyway.
The impact of a ransomware attack can be huge: in 2021, the average cost to recover from the most recent ransomware attack was $1.4 million, and it took an average of a month to repair the damage. 90 percent of the organizations said the attack affected their ability to operate, and 86 percent of the victims in the private sector said they lost business and/or revenue as a result of the attack.
Many organizations rely on cyber insurance to help them recover from a ransomware attack. 83 percent of midsize organizations had cyber insurance that covered them in the event of a ransomware attack, and in 98 percent of cases the insurer paid some of the costs incurred (with 40 percent covering the total ransom payment). 94 percent of those with cyber insurance say that their experience of buying it has changed within the last 12 months: there are higher requirements for cybersecurity measures, more complex or expensive policies, and fewer providers offering coverage.
Ransomware as a service
“The results suggest that we may have reached a peak in the evolutionary journey of ransomware, as attackers’ greed for ever-increasing ransom payments collides with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” Wisniewski said. “In recent years, it has become easier for cybercriminals to implement ransomware, now that almost everything is available as a service. Second, many cyber insurance companies have covered a wide range of ransomware recovery costs, including the ransom, which has likely contributed to ever-increasing ransom claims. However, the results suggest that cyber insurance is becoming more stringent and that victims of ransomware may be less willing or able to pay sky-high ransoms in the future. Unfortunately, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as labor-intensive as some other custom cyberattacks, so every return is worth it and cybercriminals will continue to hunt for the low-hanging fruit.”
To help companies defend themselves against ransomware and other cyber attacks, Sophos recommends a number of best practices. It starts with installing and maintaining high-quality defenses at all points in the organization’s environment. Security controls should be reviewed regularly to ensure that they continue to meet the needs of the organization. Administrators are advised to proactively hunt for threats so that adversaries can be identified and stopped before they launch their attacks; if the team does not have the time or skills to do this internally, it is recommended to outsource this to a Managed Detection and Response (MDR) specialist. The IT environment must be hardened by finding and closing the security gaps that matter most, including unpatched devices, unprotected machines and open RDP ports; Extended Detection and Response (XDR) solutions are well suited to this purpose. The organization should know what to do if a cyber incident occurs, and keep this plan up to date. Finally, create backups and practice restoring them, so that the organization can get up and running again as quickly as possible with minimal disruption.
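The hardening items in the list above (unpatched devices, machines without endpoint protection, open RDP ports, and backups that are never restore-tested) are the kind of thing a defender can check mechanically against an asset inventory. The following is an added example, not code from Sophos or from the report: it runs over a small, constructed inventory (hypothetical host names, dates and backup jobs) and flags each asset that violates one of those recommendations, so the output can feed a remediation list. Thresholds such as the 30-day patch age and 90-day restore-test age are assumptions chosen for illustration.

```python
"""Audit a small asset inventory against the ransomware-hardening items above.

Added example with constructed data; thresholds and field names are assumptions.
"""
from datetime import date

# Reference date for age calculations (constructed).
TODAY = date(2022, 5, 1)

# Constructed inventory: hypothetical hosts, not real systems.
INVENTORY = [
    {"host": "web-01", "last_patch": "2022-04-20", "endpoint_protection": True,
     "open_ports": [443], "internet_facing": True},
    {"host": "jump-02", "last_patch": "2022-01-10", "endpoint_protection": True,
     "open_ports": [3389, 22], "internet_facing": True},
    {"host": "lab-07", "last_patch": "2021-11-02", "endpoint_protection": False,
     "open_ports": [445], "internet_facing": False},
]

# Constructed backup jobs; last_restore_test is None if never tested.
BACKUPS = [
    {"name": "file-server-nightly", "last_backup": "2022-04-30",
     "last_restore_test": "2022-02-15", "offline_copy": True},
    {"name": "erp-db", "last_backup": "2022-04-30",
     "last_restore_test": None, "offline_copy": False},
]

RDP_PORT = 3389


def days_since(iso_day, today=TODAY):
    """Whole days between an ISO date string and the reference date."""
    return (today - date.fromisoformat(iso_day)).days


def audit_hosts(inventory, today=TODAY, max_patch_age_days=30):
    """Return (host, issue) pairs for hosts that violate a hardening item."""
    findings = []
    for h in inventory:
        # Open RDP reachable from the internet is the classic initial-access gap.
        if RDP_PORT in h["open_ports"] and h["internet_facing"]:
            findings.append((h["host"], "rdp-exposed"))
        # "Unprotected machines": no endpoint protection installed.
        if not h["endpoint_protection"]:
            findings.append((h["host"], "no-endpoint-protection"))
        # "Unpatched devices": patch age beyond the assumed threshold.
        if days_since(h["last_patch"], today) > max_patch_age_days:
            findings.append((h["host"], "unpatched"))
    return findings


def audit_backups(backups, today=TODAY, max_restore_test_age_days=90):
    """Return (job, issue) pairs for backups that were never or too rarely restore-tested,
    or that have no offline copy an attacker with network access could encrypt."""
    findings = []
    for b in backups:
        if b["last_restore_test"] is None:
            findings.append((b["name"], "never-restore-tested"))
        elif days_since(b["last_restore_test"], today) > max_restore_test_age_days:
            findings.append((b["name"], "restore-test-stale"))
        if not b["offline_copy"]:
            findings.append((b["name"], "no-offline-copy"))
    return findings


def remediation_report(inventory=INVENTORY, backups=BACKUPS, today=TODAY):
    """Group all findings by asset so each owner gets one actionable list."""
    report = {}
    for asset, issue in audit_hosts(inventory, today) + audit_backups(backups, today):
        report.setdefault(asset, []).append(issue)
    return report


if __name__ == "__main__":
    for asset, issues in sorted(remediation_report().items()):
        print(f"{asset}: {', '.join(issues)}")
```

The same shape works against a real export from a CMDB or vulnerability scanner; the point is that each recommendation in the list becomes a testable predicate rather than a sentence in a policy document.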