Ransomware is brutal and report shows the risk is rising fast

New global report shows a sharp rise in firms targeted plus the eyewatering costs associated with an attack

Ransomware is brutal and report shows the risk is rising fast
Steve Randall

Imagine if all of the information and data that your business relies on was suddenly unavailable, with paying an extortionate sum of money the only way to get it back.

This is the reality for thousands of businesses that have fallen victim to a ransomware, a form of cyber attack that has escalated sharply in the last two years.

A new survey reveals that 69% of global businesses say they were hit with ransomware in 2021, up from 37% in 2020.

When a breach of this nature occurs, data is encrypted, and attackers demand payment of a ransom for victims to regain access. The size of ransoms has also escalated sharply, to an average US$812,360 – five times the size that was paid in 2020.

In Canada, 59% of respondents to the Sophos survey had been targeted and the average payment was $123,579.

Perhaps surprisingly, financial services firms are not the most targeted globally (55%). Media, leisure, and entertainment (79%); retail (77%); energy and utilities (75%); professional services (73%); construction and property (63%); and even IT, tech, and telecoms (61%); are among those industries that were targeted more in 2021.

The average cost to recover from the most recent ransomware attack in 2021 was $1.4 million. It took on average one month to recover from the damage and disruption.

Ninety percent of organizations said the attack had impacted their ability to operate, and 86% of private sector victims said they had lost business and/or revenue because of the attack

Paying up isn’t the only option

With businesses already tackling multiple challenges, from Covid to inflation, 46% have opted to pay the ransom rather than risk losing valuable data.

However, Chester Wisniewski, Sophos principal research scientist, says that organizations have other options, but don’t always use them.

“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site,” he said. “In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option.”

However, he added that paying up doesn’t always end the issue with organizations uncertain if attackers may have added backdoors for future access, copying passwords and more.

“If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.” he warned.

Act to protect your data

Sophos says there are several things that you can do to help protect your data from ransomware:

  1. Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  2. Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist
  3. Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose
  4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated
  5. Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption