By Staff Reporter
CYBERSECURITY firm Sophos has revealed that the rate of successful data encryption in ransomware attacks on organizations and businesses hit its highest level in 2023.
Sophos, in its “State of Ransomware 2023” report, said it found that in 76 per cent of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data. It said this was the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020.
The company said the survey also showed that when organisations paid a ransom to get their data decrypted, they ended up doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organizations that used backups to get data back).
Sophos added that paying the ransom usually meant longer recovery times, with 45 per cent of those organisations that used backups recovering within a week, compared to 39 per cent of those that paid the ransom. The firm further disclosed that overall, 66 per cent of the organisations surveyed were attacked by ransomware—the same percentage as the previous year. This, it said, suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks.
Commenting on the report, Field Chief Technical Officer at Sophos, Chester Wisniewski, said: “Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes.
“Incident costs rise significantly when ransoms are paid. Most victims cannot recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals but also slows incident response and adds cost to an already devastatingly expensive situation.”
On the root cause of attacks, Sophos said its analysis of the causes of ransomware attacks found that the most common was an exploited vulnerability (involved in 36 per cent of cases), followed by compromised credentials (involved in 29 per cent of cases). It said this is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.
Sophos further found that in 30 per cent of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
It said the education sector reported the highest level of ransomware attacks, with 79 per cent of higher education organisations surveyed and 80 per cent of lower education organizations surveyed reporting that they were victims of ransomware.
Accordingly, the report showed that overall, 46 per cent of organisations surveyed that had their data encrypted paid the ransom; however, larger organisations were far more likely to pay.
In its recommendations, Sophos advised businesses to strengthen their defensive shields with security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials.
It also advised businesses to adopt adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond.
“With two-thirds of organizations reporting that they have been victimized by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and the time to respond.
“Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months,” Wisniewski added.
According to the firm, data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023.
Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.