Firms pay over double in ransom to recover stolen data in 2021
The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.
This is part of the findings in the latest State of Ransomware 2021 survey by Sophos, a next-generation cybersecurity organisation.
Ransomware gangs collected almost $ 350 million last year, up threefold from 2019 according to another report. Companies, government agencies, hospitals and school systems are among the victims of ransomware groups, some of which U.S. officials say have friendly relations with nationstates including North Korea and Russia.
The Sophos survey polled 5,400 information technology decision makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia-pacific and Central Asia, the Middle East, and Africa.
The average ransom a business paid is $170,404. The global findings also show that only 8 percent of organizations managed to get back all of their data after paying a ransom, with 29 percent getting back no more than half of their data.
While t he number of organizations that experienced a ransomware attack fell from 51 percent of respondents surveyed in 2020 to 37 percent in 2021, and fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020), the new survey results show worrying upward trends, particularly in terms of the impact of a ransomware attack.
“The apparent decline in the number of organizations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors,” said Chester Wisniewski, principal research scientist, Sophos. “
Wisniewski said attackers have moved from larger scale, generic, automated attacks to more targeted attacks that include human hands-onkeyboard hacking.
The overall number of attacks is lower. However, the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and this is reflected in the survey in the doubling of overall remediation costs.
In general, the survey found that the average cost of remediating a ransomware attack more than doubled in the last 12 months.
Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $ 1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, on average.
Also the average ransom paid was $ 170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
22 percent of respondents from Nigeria had experienced a ransomware attack in the last 12 months, compared to 53 percent in 2020.
39 percent of respondents from Nigeria that weren’t hit by ransomware in the last 12 months but expect to be hit in the future, believe that ransomware attacks are getting increasingly hard to stop due to their sophistication.
The survey also found that the number of organizations that paid the ransom increased from 26 percent in 2020 to 32 percent in 2021, although fewer than one in 10 (8%) managed to get back all of their data.
“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski. “
He says this is partly because using decryption keys to recover information can be complicated. Alao there is no guarantee of success.
“For instance, as we saw recently with Dearcry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible,” he said.
Sophos outlines six best practices to help defend against ransomware and related cyberattacks.
First, businesses should assume they will be targetedand possibly hit. Ransomware remains highly prevalent. No sector, country or organization size is immune from the risk. It’s better to be prepared, but not hit, rather than the other way round.
It is important to make backups and keep a copy offline. Backups are the main method organizations surveyed used to recover their data after an attack. Opt for the industry standard approach of 3: 2: 1 ( three sets of backups, using two different media, one of which is kept offline).