More organizations are affected by ransomware attacks, as the average ransom paid has increased almost fivefold.
Cybersecurity company Sophos says it is “becoming easier for cybercriminals to deploy ransomware”, with data showing that more businesses are being affected.
The company surveyed more than 5,000 midsize businesses in 31 countries as part of its State of Ransomware 2022 report.
They found that 66% of companies surveyed were affected by ransomware in 2021, compared to 37% in 2020.
The average ransom paid by organizations that had data encrypted in their most significant ransomware attack also increased nearly fivefold to $812,360.
A total of 46% of organizations that had encrypted data paid a ransom to recover the data, even if they had other means of data recovery, such as archiving.
“Along with escalating payments, the study shows that the proportion of victims who pay also continues to increase, even when they may have other options,” said Chester Wisniewski, chief researcher at Sophos.
“There may be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. After a ransomware attack there is often a strong pressure to recover and work as soon as possible.
“Recovering encrypted data with backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. This is also a risky option.
“Organizations do not know what the attackers may have done, such as adding backdoors, copying passwords and more. potentially exposed to re-attack.”
Sophos says the average cost of recovering from the latest ransomware attack in 2021 was $1.4 million, and it takes an average of one month to recover from the damage and disruption.
About 90 percent of organizations said the attack affected their ability to work, and 86 percent of private sector victims said they lost business and/or income from the attack.
Sophos also found that while most midsize companies have cyber insurance, the majority say their experience with it has changed in the last 12 months.
Reasons for this include higher requirements for cybersecurity measures, more complex or expensive policies, and fewer organizations offering insurance protection.
“The findings suggest that we may have reached the peak of the ransomware evolutionary journey, where the greed of attackers for ever higher ransom payments is facing a hardening of the cyber insurance market as insurers increasingly seek to reduce the risk and exposure of one’s ransomware,” Wisniewski said.
“In recent years, it has become easier for cybercriminals to implement ransom software, with almost everything available as a service. Second, many cyber insurance providers cover a wide range of ransomware recovery costs, including ransom, which is likely to contribute to higher ransom demands.
“However, the results show that cyber insurance is becoming more stringent and in the future victims of ransomware may become less willing or less able to pay incredibly high ransoms. Unfortunately, this is unlikely to reduce the overall risk of ransomware attacks.
“Ransomware attacks are not as resource-intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing, and cybercriminals will continue to pursue low-hanging fruit.”