Sophos ransomware report reveals that cybercriminals successfully cracked encrypted data in 76% of attacks against businesses, the highest percentage ever recorded. From “The State of Ransomware Report 2023” it emerges that the companies that paid the ransom then doubled the costs of the recovery. Also, paying the ransom usually involves time recovery longer. 45% of those who used the backups recovered their data within a week, compared to 39% of those who paid the ransom. Overall, 66% of companies surveyed were affected by ransomware, as in 2022. This means that the pace of attacks has remained stable although the relevance of this phenomenon may suggest otherwise.
Less time to neutralize attacks
Chester Wisniewski, field Cto at Sophos
Encryption rates have returned to very high levels after a temporary dip during the pandemic. Which is worrying. Ransomware gangs have perfected their methodologies by accelerating attacks to reduce the time their victims have to try to neutralize attempted attacks.When you agree to pay the ransom to recover your data, the costs go up significantly. Also most of the victims fail to recover all files with the simple purchase of the decryption keys, still having to rebuild and restore the data even from backups. Paying the ransom not only makes criminals richer, it also slows down the response to incidents and increases the cost of an already incredibly costly situation.
Encrypting encrypted data can now be done
When analyzing the root cause of ransomware attacks, the most common case is exploiting a vulnerability (36% of cases), followed by a credential breach (29% of cases). These data are in line with those recently emerged from the analysis of “Sophos Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders”.
The most interesting data of the 2023 report
- in 30% of the cases in which the data has been encrypted there has also been the theft of the same. This indicates that the “double hit” method (data encryption and data exfiltration) is spreading.
- The education sector recorded the highest level of ransomware attacks. 79% of higher education institutions and 80% of lower education institutions in the sample were affected.
Who pays the ransom, if cybercriminals manage to encrypt the encrypted data
- Il 46% of surveyed companies affected by a ransomware attack paid the ransom, and larger organizations were more willing to pay. More than half of the companies with revenues of $500 million or more paid the ransom, with those with revenues over $5 billion recording the highest percentage. This may be partially because larger companies are the ones most often covered by one policy of cyber-insurance that covers the payment of ransoms.
How to defend yourself
- Strengthen further protective shields with:
- security tools that protect against the most common attack vectors and Zero Trust Network Access (ZTNA) to prevent the use of compromised credentials;
- adaptive technologies that react automatically to attacks by neutralizing the opponents and leaving time for the response;
- ◦ 24/7 threat detection, analysis and management.
Comply with good “safety hygiene”
- Optimize preparedness in the event of an attack by running backup routines, testing restores from backups and maintaining an up-to-date incident response plan.
- Maintaining good “security hygiene” including timely patching and regular testing of security tool configurations.
The situation in Italy
- In the last year, 65% of companies have been affected by ransomware.
- This is a slight increase compared to the 61% found in the 2022 research.
- Cyber vulnerabilities were the leading cause of attacks, being exploited in 30% of incidents.
- Data was stolen in 27% of attacks where it was encrypted, lower than the global average of 30%.
- 93% of companies whose data was encrypted recovered the data, which is slightly below the global average of 97%.
Encrypt encrypted data
Backup remains the most commonly used method for data recovery, with 55% of Italian respondents having their data encrypted using this approach. This is a significant drop from the 78% who used backups in the 2022 survey.
56% of Italian companies that have had their data encrypted have paid the ransom, a considerable increase from 43% last year and higher than the global average of 47% for 2023.
Encrypt encrypted data, how much does it cost to recover from an attack
- 16% of Italian companies that have undergone data encryption have used various recovery methods in parallel.
- Excluding ransom payments, the average expense Italian companies incurred to recover from a ransomware attack was $2.40 million. Including downtime costs, people time, cost of devices, cost of network, lost opportunities, etc. This is higher than the global average cost of $1.82 million.
- 75% of private sector companies affected by ransomware said the attack caused them a loss of revenue, lower than the global average of 84%.
- 64% of Italian companies took about a week to recover from the attack. 19% took about a month, while 16% took between one and six months.
- 86% of Italian companies said they have taken out cyber insurance. Of these, 39% have a standalone policy and 48% have a policy that is part of a larger company policy.
- 92% of respondents whose business purchased a cyber insurance policy in the last year said the quality of their defenses had a direct impact on their insurance position.