AFP PHOTO / ANP / Rob Engelaar / Netherlands OUT
Only 8% of organisations recover data after payment
Recovery cost from ransomware attacks has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.
This is according to the latest findings by Sophos, a global leader in next-generation cybersecurity, in its global survey: ‘The State of Ransomware 2021’. The survey revealed that 22 per cent of respondents from Nigeria had experienced a ransomware attack in the last 12 months, compared to 53 per cent in 2020.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Sophos said 39 per cent of the respondents from Nigeria that were not hit by ransomware in the last 12 months but expect to be hit in the future, believe that ransomware attacks are getting increasingly hard to stop due to their sophistication whereas 26 per cent of respondents that were not hit but expect to be hit in the future, said it was hard to stop their users from compromising the organisation’s security
The report, which noted that the average ransom paid globally is $170,404, said findings have also shown that only eight per cent of organisations managed to get back all of their data after paying a ransom with 29 per cent getting back not more than half of their data.
The survey polled 5,400 information technology (IT) decision-makers in mid-sized organisations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East and Africa.
While the number of organisations that experienced a ransomware attack fell from 51 per cent of respondents surveyed in 2020 to 37 per cent in 2021, and fewer organsations suffered data encryption as the result of a significant attack (54 per cent in 2021 compared to 73 per cent in 2020), the new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.
Principal Research Scientist, Sophos, Chester Wisniewski, said: “The apparent decline in the number of organisations being hit by ransomware is good news but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors.
“We have seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower, as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs,” he said.
Further findings showed that while the average ransom paid was $170,404, $3.2 million was the highest paid out of those surveyed, the most common payment was $10,000. It disclosed that 10 organisations paid ransoms of $1 million or more. The report said the number of organizations that paid the ransom increased from 26 per cent in 2020 to 32 per cent in 2021, although fewer than one in 10 (8 per cent) managed to get back all of their data
“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski, adding: “This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.”
Sophos revealed that more than half (54 per cent) of respondents believe cyberattacks are now too advanced for their IT team to handle on their own.
“Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data,” said Wisniewski. “Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more.
Further, the definition of what constitutes a ‘ransomware’ attack is evolving. For a small, but significant minority of respondents, the attacks involved payment demands without data encryption. This could be because they had anti-ransomware technologies in place to block the encryption stage or because the attackers simply chose not to encrypt the data. The attackers were likely demanding payment in return for not leaking stolen information online. A recent example of this approach involved the Clop ransomware gang and a known financially motivated threat actor hitting around a dozen alleged victims with extortion-only attacks.
“In short, it is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks. Fortunately, if organisations are attacked, they don’t have to face this challenge alone. Support is available 24/7 in the form of external security operations centers, human-led threat hunting and incident response services.”
Sophos recommended that it should assume one will be hit. It stressed that ransomware remains highly prevalent, adding that no sector, country or organisation size is immune from the risk. It’s better to be prepared, but not hit, rather than the other way round.