Ransomware, 66% of companies have been affected by an attack
IT security specialist Sophos presented the new edition of its Ransomware Status 2022 which analyzes one of the most aggressive and harmful phenomena in the field of cybersecurity.
The report analyzes the impact that Ransomware counted more than 5,600 companies in 31 countries around the world and indicates that the 66% of companies involved in research suffered a ransomware attack in 2021, with a 37% growth compared to 2020.
But the most impressive figure - points out Sophos - concerns the amount of the average ransom paid by the victims, which is quintupled compared to the previous period, settling on $812,360.
Also, it is disturbing to note that 46% of companies who had their data encrypted decided to pay the ransom anyway, while having other means of recovering the data, such as backups.
The sums paid for the ransom therefore increase: the11% of companies said it paid ransoms of $1 million or more in 2021, growing 4% from 2020 while the percentage of businesses that had to pay sums of less than $10,000 fell to 21% (against 34% in 2020).
Ransomware, growth in volume and impact
The number of victims who pay the ransom is also increasing: in 2021, the 46% of companies whose data was encrypted following a ransomware attack decided to pay the ransomand 26% of those who managed to recover their data via backup nevertheless paid a ransom.
The impact of ransomware - points out Sophos - can be devastating: the average cost of recovery following an attack amounted in 2021 to $1.4 million and the return to normal took on average up to a month.
90% of companies also said the attack suffered seriously compromised the proper conduct of his business and 86% of private sector victims reported having suffered economic losses and business opportunities due to the effects of ransomware.
The number of companies with acyber risk insurance.
L'83% of medium-sized companies has taken out insurance policies that can protect them in the event of ransomware attacks and, in 98% of episodes occurredthe insurer totally or partially covered the costs resulting from the damage suffered (40% also covering the costs of paying the ransom).
the 94% of the sample - continues Sophos's analysis - said that during the process of purchasing cyber risk insurance, it detected an increasing demand for verification of the cybersecurity measures adopted, an increasing cost of policies and less companies willing to offer this type of insurance protection.
The situation in Italy
the 61% of the sample of Italian companies examined in the Sophos report fell victim to ransomware in the past year, while 27% expects to be affected in the future.
Among the companies affected by ransomware, the 63% experienced file encryption while the 26% succeeded in blocking the attack before the data is encrypted.
the 43% paid the ransom and recovered its data while the 78% said they were able to recover the data through its own backup.
Of the companies that paid the ransom, 24% recovered about half of their data e only 3% managed to recover all the data stolen by the cybercriminals.
The ransom amount paid is in most cases (37% sample) between $100,000 and $249,999.
the 55% of Italian companies affected - adds Sophos - said the impact on its business operations was very high and the recovery time was up to a week for 36%, up to a month for 34%, while only 11% of l sample returned to normal in less than a day.
As for cyber risk insurance, the 47% of the sample state that their policy also covers damage caused by a ransomware attack. 7% despite having cyber insurance are not covered for this type of attack and 5% of the sample declare that their company does not have cyber risk insurance.
Chester WisniewskiPrincipal Investigator at Sophos, commented: "Besides the exponential growth in the amount of ransom payments, this report also indicates that the percentage of victims who pay continues to increase, even in cases where companies actually have other options to recover their data.
The reasons for this decision are many, such as incomplete backups or the desire to prevent data stolen from the company from being disseminated online. Additionally, following a ransomware attack, businesses urgently need to get back up and running as quickly as possible, and restoring encrypted data using backups can be a complex and time-consuming process. For this reason, it may be tempting to think that paying a ransom is a faster option, but it is also a choice that involves considerable unknowns: the victims of the attack cannot be sure of the maneuvers that the cybercriminals have made against them, such as adding backdoors. , copying sensitive passwords and credentials, etc.
If companies do not perform adequate checks on the data retrieved, they will end up with a lot of potentially toxic material in their network and therefore may again be exposed to attacks in the future.
What emerges from the report indicates that we may have reached a peak in the evolutionary journey of ransomware, where attackers' greed for ever-higher ransom payments meets a hardening IT insurance market, as insurers are always looking for more than reducing their ransomware risk and exposure.
In recent years, it has become increasingly easy for cybercriminals to distribute ransomware, given the prevalence of computing resources in as-a-service mode. Additionally, many cyber risk insurance providers have covered a wide range of ransomware recovery costs, including ransomware, likely contributing to ever-higher ransom demands.
However, the report indicates that cyber insurance providers are becoming more demanding and strict, and in the future, ransomware victims may become less willing or less able to pay exorbitant ransoms. Unfortunately, this is unlikely to reduce the overall risk of a ransomware attack.
These attacks don't require as many resources as other types of cyberattacks, so any gain cybercriminals can make will always be a great return on investment.".
Advice from Sophos
To raise the bar against ransomware, Sophos experts suggest five simple steps.
First, install and maintain cybersecurity solutions across the enterprise perimeter, monitoring policies and settings to ensure they meet the highest security requirements.
According to: proactively monitor threats to identify and block attacks in a timely manner. If the IT team within the company does not have the time or the skills to manage these aspects internally, it is advisable to evaluate the support of an expert in Managed Detection and Response (MDR).
Then: increase the security level of the IT environment identify and close gaps, from devices without patch to unprotected machines to open RDP ports, etc. Extended detection and response (XDR) solutions are ideal for this purpose.
Third, Prepare for the worst: know what to do in the event of a cyber incident and always keep the backup plan up to date.
At last, backup and restoreso that the company can resume normal operations as soon as possible, minimizing damage and consequences.
Read all our articles on Sophos