Connect with us

Hi, what are you looking for?

HEADLINES

Paying ransom doubles cost of recovering from ransomware attack – Sophos

One in three (30%) organizations in the Philippines had experienced a ransomware attack in the previous 12 months. On a global level, data was encrypted in nearly three quarters (73%) of attacks that successfully breached an organization.

Sophos announced the findings of its global survey, The State of Ransomware 2020, which reveals that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. In fact, the total cost of recovery almost doubles when organizations pay a ransom. The survey polled 5,000 IT decision makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa. 

One in three (30%) organizations in the Philippines had experienced a ransomware attack in the previous 12 months. On a global level, data was encrypted in nearly three quarters (73%) of attacks that successfully breached an organization. The average global cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was US$730,000. This average cost rose to US$1.4 million, almost twice as much, when organizations paid the ransom. More than one quarter (27%) of all organizations hit by ransomware globally admitted paying the ransom.

“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos. 

More than half (56%) of all the IT managers surveyed globally were able to recover their data from backups without paying the ransom. In a very small minority of cases (1%), paying the ransom did not lead to the recovery of data.

Advertisement. Scroll to continue reading.

At a global level, for 5% of public sector organizations, paying the ransom did not lead to the recovery of data. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% of all organisations globally.  

However, contrary to popular belief, the public sector was least affected by ransomware globally, with just 45% of the organizations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.

SophosLabs researchers have published a new report, Maze Ransomware: Extorting Victims for 1 Year and Counting, which looks at the tools, techniques and procedures used by this advanced threat that combines data encryption with information theft and the threat of exposure. This approach, which Sophos researchers have also observed being adopted by other ransomware families, like LockBit, is designed to increase pressure on the victim to pay the ransom. The new Sophos report will help security professionals better understand and anticipate the evolving behaviors of ransomware attackers and protect their organizations.

“An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” added Wisniewski. “Advanced adversaries like the operators behind the Maze ransomware don’t just encrypt files, they steal data for possible exposure or extortion purposes. We’ve recently reported on LockBit using this tactic. Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay. The way to address these malicious maneuvers is to keep backups offline, and use effective, multi-layered security solutions that detect and block attacks at different stages.”

The State of Ransomware 2020 survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2020. The survey interviewed 5,000 IT decision makers in 26 countries, in the US, Canada, Brazil, Colombia, Mexico, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Poland, the Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, Philippines and UAE. All respondents were from organizations with between 100 and 5,000 employees.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Globe has been a consistent advocate for a safer and more responsible digital space

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

HEADLINES

The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors; the overall rate of ransomware...

HEADLINES

The all-cash transaction is valued at approximately $859 million. Sophos is backed by Thoma Bravo, a leading software investment firm.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

Advertisement