Ransomware attacks have plagued the cybersecurity industry for years, and they’re coming at an increasing rate. In late April, Sophos, a software security company, released data and analysis from a survey on the state of ransomware. This is an annual study of “5,600 IT (information technology) professionals in mid-sized organizations across 31 countries.” The people who responded did so based on their experience from the previous year (2021).
A ransomware attack occurs when threat actors break into a company’s systems, encrypt (and often steal) its data and demand a ransom to restore it. A company can get this data back, but it generally comes at a steep monetary cost, often to be paid in Bitcoin. Unfortunately, paying a ransom doesn’t ensure that a party will get their data back. Ransomware attacks can also have a number of ramifications beyond lost data, including business disruptions and reputational damage, to name a few.
Notable ransomware attacks have included Kaseya, Colonial Pipeline, WannaCry and the AIDS Trojan.
Ransomware on the rise
According to Sophos, ransomware attacks went up by 78% from 2020 to 2021. This is because threat actors have gotten better at encrypting and hiding their entry points, which allows them to stay under the radar. Not only are these attacks becoming more frequent, but they are also becoming more complex.
As a result, companies and businesses have suffered losses in more ways than one. Sophos said 86% of respondents report a loss in business/revenue, and 90% say that it impacted their ability to function. A recent example of this is the Colonial Pipeline attack. According to reports, this ransomware strike impacted Colonial’s billing system, but the company ultimately decided to shut down its operational technology (OT) side as well, to keep the breach from spreading from IT into OT. When the oil stopped flowing, it caused runs on gas stations in Southern states as well as issues with airlines along the East Coast.
Sophos reports that it takes a month, on average, to recover from a ransomware attack, but the effects can plague businesses for years.
Of all the data points Sophos provides, the most disheartening statistic might be that 72% of companies and businesses trust procedures and preventive measures that don’t actually stop attacks from occurring. Many of those companies believe that just having backups of information and cyber insurance will help prevent a ransomware attack. Of course, these measures do not stop attacks from happening, but rather serve to help mitigate the damage once they do occur.
Ransom payments and data recovery
According to Sophos, “Almost all organizations hit by ransomware in the last year (99%) now get some encrypted data back.” For these organizations, 61% of their data was restored after paying the ransom. However, only 4% of those that paid the ransom got all of their data back. As previously mentioned, just because a company pays the ransom, that doesn’t mean their data won’t be corrupt or that they will get everything back.
Ransom payments have skyrocketed to an average of $812,360 — a substantial increase from the average of $170,000 in 2020. This is likely due to the increase in both the complexity and the frequency of ransomware attacks.
Only 21% of companies paid less than $10,000. The manufacturing and utilities industries pay the highest on average, at $2 million, with health care being the lowest average, at $197,000.
Sophos’s data also covers the importance of cyber insurance and how companies are increasingly choosing insurers whose policies cover ransomware attacks. According to this study, 89% of companies polled have insurance for ransomware.
A reported 94% of polled companies have found it more difficult to secure insurance in the past year, as insurance companies have made policies more restrictive. Companies report that they need more cybersecurity than previously to qualify, that the policies are more complex, that there aren’t many options for cyber insurance and that it’s too expensive. This heightened barrier to entry comes from the cost of protecting those companies when ransomware attacks — or any attacks, for that matter — happen. Cyber insurance is a relatively new concept, and insurance companies are just starting to understand how impactful and expensive ransomware can be. When a company did have cyber insurance with a ransomware policy, the insurer paid out in 98% of cases, and those companies got some data back.
Ransomware attacks are a growing concern that will be around for the foreseeable future. Having protective measures in place, such as cyber insurance and good backups, when an attack occurs is imperative to having the best chance of minimizing damage to your organization. Thanks to tools like ransomware-as-a-service, threat actors don’t need to be as knowledgeable to follow through with an attack, which likely means there is no sign of these intrusions stopping anytime soon.