A report by cybersecurity company Sophos said that in 77% of ransomware attacks against surveyed organisations, hackers succeeded in encrypting data. About 44% of victim companies paid the ransom to get their data back – a considerable drop from last year’s rate of 78%.
“Although dipping slightly from the previous year, the rate of encryption remains high at 77%, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.
The cybersecurity company said that on a global scale, when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs ($7,50,000 in recovery costs versus $3,75,000 for organisations that used backups to get their data back).
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” Wisniewski added.
Ransomware attack causes
When Sophos analysed the root cause of ransomware attacks, it found that the most common reason was an exploited vulnerability (involved in 35% of cases), followed by compromised credentials (involved in 33% of cases).
Other key global findings
The report mentioned that in 30% of cases where data was encrypted, data was also stolen, suggesting that the “double dip” method (data encryption and data exfiltration) is becoming commonplace.
The education sector reported the highest rate of ransomware attacks globally, with 79% of higher education organisations and 80% of lower education organisations surveyed reporting that they were victims of ransomware.