There’s good news and bad news in the world of ransomware, according to a report released by privileged access management company Delinea. Based on survey results, these types of attacks have decreased over the past 12 months, but the decline may be causing companies to become more complacent — to the point that they’re failing to take the necessary precautions.

The new report “Making the Hard Choices for Ransomware Readiness and Response” was based on a survey of 300 IT and security decision-makers in the U.S. conducted on Delinea’s behalf by Censuswide. The survey analyzed trends in ransomware in 2022 compared with 2021.

Fewer victims of ransomware in 2022

The Delinea report found:

  • Only a quarter of the respondents said they were victims of ransomware attacks in 2022, a significant drop from 64% the previous year.
  • Some 56% of organizations with 100 or more employees were hit by ransomware in 2022, down from 70% in 2021.
  • Over the same period, 13% of companies with fewer than 100 staffers were victimized by ransomware, down from 34%.

Why the decline? Delinea cited a few possible reasons: One factor may be the disbanding of the Conti ransomware group into smaller factions; another cause might be the greater effectiveness of security tools in preventing attacks; alternatively, it’s possible fewer victims are reporting ransomware attacks.

Fewer organizations willing to pay the ransom

The number of victims willing to pay ransoms to retrieve their data is also on a downswing: Just 68% of organizations hit by ransomware in 2022 paid the ransom — while still a majority, this figure is down from 82% the previous year.

At the same time, the average ransomware payment has increased. Payments in cases seen by Palo Alto Networks’ Unit 42 group reached almost $1 million over the first five months of 2022, a jump of 71% from the same period in 2021.

There are a few reasons why victims may be less willing to pay the ransom:

  • The FBI and other authorities have cautioned that paying the ransom doesn’t mean you’ll get your data back.
  • Payments encourage criminals to stage more ransomware attacks in a seemingly endless cycle.
  • More organizations could be turning to effective data backup tools to recover their files.

Victims still suffer the consequences of cyberattacks

Though fewer companies may have been victims of ransomware last year, those that do get hit suffer several consequences. Among the respondents who reported attacks:

  • More than half (56%) said they saw a loss in revenue.
  • Some 43% witnessed damage to their reputation.
  • Exactly half (50%) lost customers, and 24% had to lay off workers.
  • Only 3% said they experienced no repercussions.

Decline in certain measures to prevent ransomware

Along with the drop in ransomware attacks has been a decline in certain measures that companies take to protect themselves. Among those surveyed, 71% said they have an incident response plan, down from 94% the previous year. Some 68% said they currently devote money from their budget to defend against ransomware, down from 93% the prior year.

However, 76% of organizations hit by a ransomware attack boosted their security budget in response, up from 72% the prior year. The irony here is that many IT departments will receive more money for their security budget only after they’ve been attacked.

Ransomware: The most vulnerable areas

Whether or not they’re allocating enough money and resources for security, the IT decision makers surveyed are certainly aware of the threat that ransomware poses. Asked to identify the most vulnerable areas for ransomware attacks:

  • More than half (52%) identified email.
  • Some 42% pointed to software applications.
  • Less than one-third (29%) recognized privileged access as a threat vector.
  • Just 27% noted the cloud.
  • Only 16% named their endpoints.

Recommendations to prevent ransomware attacks

How can organizations better protect themselves against ransomware attacks? The respondents cited several steps that they’ve taken themselves. Some 53% said they regularly update their systems and software, 52% back up critical data, 51% enforce password best practices and 50% require multi-factor authentication. Other measures taken include application control, disabling macros from email attachments, and adopting a least privilege posture.

Delinea chief security scientist and advisory CISO Joseph Carson cited a number of measures. Some are relatively obvious, such as running frequent data backups, implementing an effective incident response plan and investing in cyber insurance.

“Organizations should take a more proactive approach to cybersecurity, in particular where they are most vulnerable to these types of attacks; namely identity and access controls,” Carson said. “By taking a least privilege approach, founded on zero trust principles and enforced by methods such as password vaulting and multi-factor authentication, organizations can significantly reduce their vulnerability to ransomware attacks.”

Intel 471 cyber threat intelligence analyst Jeremy Kirk also had suggestions to offer.

“Today, organizations can go from an initial intrusion to a full-blown ransomware incident in a much shorter period of time,” Kirk said. “Ideally, organizations should catch the initial intrusion or the follow-on malicious activity. Ransomware actors often focus on exfiltrating sensitive data before launching the file-encrypting malware, so often there is time to stop a debilitating encryption attack.”

Kirk also urges organizations to subscribe to threat intelligence platforms to help track ransomware gangs and their tactics. Using both automated collection tools and human intelligence, these platforms can spot changes in the ransomware scene and offer appropriate advice.
