76% of Ransomware Attacks Are Successful - Sophos Report Reveals

  • Rate of Ransomware Attacks Remains Steady, with 66% of Organizations Surveyed Reporting They Were a Victim of Ransomware

Large business organisations are parting with an average of $750,000 (Sh103 million) to recover their data from hackers.

This comes in the wake of an increase in cybersecurity threats, especially ransomware attacks.

A new report titled State of Ransomware 2023, by Sophos, a global leader in innovating and delivering cybersecurity as a service, found that in 76 percent of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data.

This is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020.

The survey also shows that organizations that paid a ransom to get their data decrypted ended up doubling their recovery costs [$750,000 in recovery costs versus $375,000 for organizations that used backups to get data back].

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.

Overall, 66% of the organizations surveyed were attacked by ransomware—the same percentage as the previous year.

This suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks.

“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.

When analyzing the root cause of ransomware attacks, the most common was an exploited vulnerability [involved in 36% of cases], followed by compromised credentials [involved in 29% of cases]. This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.

Additional key findings from the report include:

  1. In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method [data encryption and data exfiltration] is becoming commonplace
  2. The education sector reported the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomware
  3. Overall, 46% of organizations surveyed that had their data encrypted paid the ransom. However, larger organizations were far more likely to pay. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments

“With two thirds of organizations reporting that they have been victimized by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the third who stay safe and the two thirds who do not. Organizations must be on alert 24×7 to mount an effective defense these days,” said Wisniewski.

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

  1. Strengthen defensive shields with:
    1. Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access [ZTNA] to thwart the abuse of compromised credentials
    2. Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
    3. 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response [MDR] provider
  2. Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
  3. Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations


Chief Editor

Jacktone Lawi
