A successful ransomware attack can devastate an organization, resulting in lost or leaked data, financial pain, business and operational downtime, loss of revenue, and even reputational damage. A new report from security firm Sophos looks at the effects of ransomware on businesses and offers a few tips on how to protect your organization from these types of attacks.
SEE: Mobile device security policy (TechRepublic Premium)
The Sophos “State of Ransomware 2022” report is based on a survey of 5,600 IT professionals in mid-sized organizations (100-5,000 employees) across 31 countries. Conducted in January and February of 2022, the survey asked people to address their experiences with ransomware in 2021.
Among the respondents, 66% said their organizations were hit by ransomware in 2021, up from 37% in 2020. This dramatic increase is likely due to the ability of cybercriminals to scale and expand their attacks as well as the growing rise of the Ransomware-as-a-Service model, which allows more amateur criminals to carry out these types of attacks.
Attackers have also become more adept at encrypting data as part of their ransomware campaigns. In 2021, files were successfully encrypted in 65% of the attacks reported, up from 54% in 2020. At the same time, the number of extortion-only attacks in which the criminals did not encrypt sensitive files but instead threatened to publicly leak them dropped to 4% from 7%.
Whether or not to pay the ransom is a decision every victim faces in a ransomware attack. Some 46% of those surveyed said they chose to pay. But those organizations received only 61% of their data on average, down slightly from 65% the prior year. Further, only 4% of those that paid the ransom got back all of their data last year, down from 8% in 2020.
Some 965 respondents who reported paying the ransom shared the specific amount they paid, helping Sophos determine that such amounts have jumped over the last year. The percentage of victims who paid more than $1 million rose to 11% last year, up from 4% the prior year. Over the same time, the volume paying less than $10,000 fell to 21% from 34%. In 2021, the average payment reported was $812,360, an increase of almost five times from $170,000 in 2020.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Increasing your security budget and hiring more people aren’t necessarily the best ways to combat ransomware, according to the survey. Some 64% of those hit by ransomware attacks in 2021 said they have more cybersecurity budget than they need, while 65% said they have more staffers than they need. These results imply that organizations are still struggling to figure out how to better use the resources they have to deal with ransomware attacks.
A successful ransomware attack can reverberate throughout an organization. A full 90% of the respondents hit by ransomware last year said that the most significant attack hurt their ability to operate. Some 86% reported that the attack caused them to lose business or revenue.
The average cost to clean up the impact of a successful attack was $1.4 million. That number was down from $1.85 million in 2020, reflecting in part the ability of cyberinsurance providers to help victims by picking up a larger amount of the costs of remediation. On average, organizations hit by ransomware took a month to recover from the most significant attack.
To help organizations better combat ransomware attacks, Sophos offers the following tips:
- Make sure you deploy effective security protection at all points in your organization and environment. Regularly evaluate your security defenses to ensure that they continue to meet your needs.
- Proactively look for potential threats so that you can stop an attack before it causes damage. If you lack the necessary time or resources in-house, outsource this task to a provider skilled in managed detection and response.
- Strengthen your environment by scanning for and closing security gaps, such as unpatched devices, unprotected machines and open RDP ports. An extended detection and response tool can help with this task.
- Expect and prepare for the worst. Determine ahead of time what you need to do and who you need to contact if and when an attack occurs.
- Regularly back up your sensitive files and practice the method used to recover and restore them. The goal is to try to get your business up and running as quickly as possible so as to minimize downtime.