Something is terribly wrong: 66% of organizations hit by ransomware in 2021

Ransomware attacks against organizations’ IT systems have been around in their current form for about 10 years, but it looks like the problem is still getting worse. Cybercriminals set a new record for successful ransomware attacks in 2021 when they managed to break into 66% of mid-sized organizations’ computer networks.

Cybersecurity consultancy Sophos conducted an extensive survey about ransomware incidents among mid-sized organizations across the world. Altogether, 5600 organizations responded, but only 965 shared the payment details.

The disturbing highlight of the survey is that two thirds (66%) of organizations have been victims of ransomware attacks. The number is so high that we can safely assume practically every organization will be hit, and a number of organizations will be hit twice or more.

Other highlights from the Sophos 2022 ransomware survey:

  • 46% of ransomware victims paid the criminals, although many of them had backup data.
  • More than half (54%) of victims did not pay the ransom.
  • The average ransomware payment was 812,360 dollars – note that the survey covered mid-sized organizations only. The trend points up, however, since payments of over a million dollars became three times more frequent than in the previous year.
  • 86% of enterprise victims had lost business and/or revenue because of a ransomware attack.
  • The average time to recover from an attack was one month with an average cost of 1.4 million dollars.
  • 83% of organizations have insurance that covers cybercrime. In 98% of ransomware cases, the insurance covered all or some of the costs.

Why do cybercriminals manage to break into so many organizations?

A ransomware attack is typically initiated with a virus-like program that is sneaked into an organization’s network. Phishing, which uses social engineering to convince an employee to install a malicious program, is the most popular method. The malicious piece of software can also infiltrate a network from a USB stick, an innocent-looking web page link, or a mobile phone app store. There are so many ways that it is practically impossible to prevent every method.

Another reason why cybercriminals succeed is the availability of tools and services. Criminals who don’t have technical skills can buy ransomware attacks as a service. Perhaps the time we are living in now will be remembered as the golden era of cybercrime, when it was easy to make millions of dollars simply by using the tools available.

Unbelievable: 66% of mid-sized organizations are ransomware victims. I can’t think of any other type of crime that has methods to facilitate breaking into so many protected places as cybercrime.

There must be something terribly wrong with 46% of ransomware victim organizations that decided to pay the ransom. Perhaps they weren’t sure what the status of backup data was, and how long it would take to recover the data.

At the same time, security professionals are working hard to lock down internal networks, educate users, and restrict access to internal resources. They are probably asking: What can we learn from those 54% of ransomware victims who didn’t pay the ransom, but trusted they could quickly and safely recover on their own? One can assume that organizations that didn’t pay must have been absolutely sure they had everything backed up, they had executed a dry-run recovery process so they knew roughly how long it takes, and they had a step-by-step plan for recovery.

The latest trend in IT security is the Zero Trust model. The rough overall idea is to verify every connection even after a user has successfully been authorized to the internal network. Artificial Intelligence is already applied to cybersecurity, and will be used more as the technology matures.


The Sophos State of Ransomware 2022 survey was conducted in January and February 2022. It consisted of interviews of 5,600 IT decision makers in 31 countries: the US, Canada, Brazil, Chile, Colombia, Mexico, Austria, France, Germany, Hungary, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Switzerland, Poland, the Czech Republic, Turkey, Israel, UAE, Saudi Arabia, India, Nigeria, South Africa, Australia, Japan, Singapore, Malaysia, and the Philippines. Only mid-sized organizations between 100 and 5,000 employees were included.
