Sophos, a global leader in next-generation cybersecurity, has announced the findings of its global survey, The State of Ransomware 2021, which reveals that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from US$761,106 in 2020 to US$1.85 million in 2021.
The average ransom paid is US$170,404. The global findings also show that only 8% of organizations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.
The survey polled 5,400 IT decision makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East and Africa.
Globally, fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020). The new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.
“The apparent decline in the number of organizations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors,” said Chester Wisniewski, Principal Research Scientist, Sophos.
“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”
Globally, the number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data.
“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski.
“This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.”
We asked industry experts how cybercriminals have changed their behavior and whether these changes have made them more dangerous. Here are their responses:
Tom Callahan, Director of Operations (MDR) at PDI Security Solutions
One thing to keep in mind is that cybercriminals are almost always ahead of any security solutions simply because they’re on the offensive, and everyone else is trying to predict what they’ll do next. As much as we want to be proactive, we often end up having to react to whatever new threats they create. One of the more interesting recent developments in the cyberthreat world is the concept of extortionware or doxware.
By now, almost everyone is familiar with ransomware, where cybercriminals essentially lock out businesses or government entities from their systems and data until a ransom is paid. Extortionware is even more dangerous, because it goes a step further.
Like ransomware, the attacks typically involve a computer infected via a phishing email. Where extortionware differs is primarily the sheer escalation of the threat. For instance, if you try to negotiate too aggressively or refuse to make the ransom payment, it’s no longer just about getting locked out from your data and systems.
Instead, cybercriminals are actually taking your (theoretically) confidential data and uploading it to a public venue or selling it off to the highest bidder. Even if you’ve strengthened your backup and recovery capabilities, a cybercriminal might need only a few minutes to access confidential data (such as PII, cardholder information or HIPAA-regulated records), and they suddenly have enough materials to extort you.
The resulting damage can be both extensive and expensive: regulatory fines, legal fees, damage to your reputation, and the vast time and effort required just to identify exactly what (if any) data has actually been breached.
When the difference between ‘business as usual’ or a complete shutdown depends on whether a single employee clicks on the wrong email link, you simply can’t afford to take any chances.
The elevated level of threat posed by extortionware makes it even more critical to implement a solid security awareness training program for all employees. It’s also important to focus on additional threat prevention methodologies so you never get hit by this type of cyberattack. Investing a little upfront time and money as ‘cybersecurity insurance’ can go a long way in avoiding a preventable disaster.