Intelligent CIO LATAM Issue 01 | Page 32

EDITOR’S QUESTION

HOW HAVE CYBERCRIMINALS CHANGED THEIR BEHAVIOR AND HAVE THESE CHANGES MADE THEM MORE DANGEROUS?

Sophos, a global leader in next-generation cybersecurity, has announced the findings of its global survey, The State of Ransomware 2021, which reveals that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from US$761,106 in 2020 to US$1.85 million in 2021.

The average ransom paid is US$170,404. The global findings also show that only 8% of organizations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.
The survey polled 5,400 IT decision makers in midsized organizations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East and Africa.
Globally, fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020). The new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.
“The apparent decline in the number of organizations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors,” said Chester Wisniewski, Principal Research Scientist, Sophos.
“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”
Globally, the number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data.
“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski.
“This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.”