Ransomware protection is one of the key security concerns. Learn the current state of ransomware to stay ahead of this threat.
In today’s digital landscape, cybersecurity presents challenges and threats that demand constant vigilance. Ransomware, in particular, has emerged as a formidable adversary, causing chaos across industries and organizations of all sizes. To stay ahead of this ever-present danger, it’s essential to have a deep understanding of the current state of ransomware attacks.
The Sophos State of Ransomware 2023 Report provides valuable insights into the current ransomware threat landscape. It represents findings from an independent survey of 3,000 leaders responsible for IT/cybersecurity across 14 countries (Australia, Austria, Brazil, France, Germany, India, Italy, Japan, Singapore, South Africa, Spain, Switzerland, UK, US).
Covering the period of January-March 2023, the Report reveals the most common root causes of ransomware and shines new light on how experiences with ransomware differ across different countries, organizations, and industries. The key takeaways from the Sophos State of Ransomware include:
By understanding the latest trends, organizations can take steps to protect themselves from ransomware attacks.
In the past year, the education sector was the most susceptible to ransomware attacks, with 80% of lower education institutions and 79% of higher education institutions reporting such incidents. This can be attributed to the challenges that the education sector faces in terms of limited resources and technological infrastructure. These challenges make education an attractive target for criminals who exploit these weaknesses.
In contrast, the IT, technology, and telecom industries reported the lowest rate of ransomware attacks at 50%. This indicates a higher level of preparedness and more robust cybersecurity defenses within this sector.
According to survey respondents, the most prevalent underlying cause of ransomware attacks was an exploited vulnerability, accounting for 36% of the cases. This was closely followed by compromised credentials, which constituted 29% of the incidents. Email-related factors played a significant role in 30% of the attacks, with a breakdown of 18% attributed to malicious emails and 13% to phishing attempts. A smaller fraction, 3%, had their origins in brute force attacks, while only 1% of the attacks began with a downloaded file.
The media, leisure, and entertainment sectors reported the highest percentage of attacks with an exploited vulnerability as a root cause (55%). Central and federal governments recorded the highest percentage of attacks initiated through compromised credentials (41%). Several factors may contribute to this figure, including a higher rate of credential theft in this sector, a lower ability to prevent the exploitation of stolen credentials, or a combination of the two.
Conversely, the IT, technology, and telecoms sectors demonstrated notable resilience, reporting the lowest rates for both exploited vulnerabilities (22%) and compromised credentials (22%). This likely indicates robust cybersecurity defenses within this sector. However, it is worth noting that this sector faced a different challenge, with a high incidence of email-based attacks, as more than half (51%) of these attacks originated from users’ email inboxes.
Data encryption has seen a notable increase: data was successfully encrypted in more than three-fourths (76%) of ransomware attacks. The encryption rate is now at its highest point in the past four years, owing to the ongoing improvement and innovation in the tactics adversaries employ.
In nearly all sectors, there is a consistent challenge in preventing attacks before data is encrypted. More than two-thirds of attacks led to data encryption in each sector. The sector with the most frequent occurrence of data encryption (92%) was business and professional services.
However, the IT, technology, and telecoms sector is an exception to this trend, with adversaries managing to encrypt data in fewer than half (47%) of the attacks. This serves as further evidence of the sector’s robust cyber defenses and readiness to respond to such threats.
In 30% of attacks where data was encrypted, data was also stolen. The high frequency of data theft increases the importance of stopping attacks as early as possible before information can be exfiltrated.
97% of organizations that had data encrypted got data back. Backups were the most common approach, used in 70% of incidents. 46% paid the ransom and got data back, while 2% used other means. Overall, one in five (21%) used multiple methods to restore their data. 1% of organizations that had data encrypted paid the ransom but didn’t get data back.
As a company’s yearly earnings increase, it becomes more likely to pay a ransom to retrieve its data. At the same time, its use of backups decreases.
Among organizations with revenue exceeding $5 billion, 55% recovered their data by paying the ransom, while 63% relied on backups. Conversely, among organizations with revenue less than $10 million, 36% retrieved their data by paying the ransom, while 80% utilized backups, marking the highest backup usage rate among all revenue groups.
Organizations with lower annual revenue have limited funds for ransom payments, making them prioritize backup solutions for data recovery. On the other hand, organizations with higher revenue often possess intricate IT systems that can pose challenges for timely data recovery through backups. Additionally, they have the financial capability to resolve such situations by paying their way out.
Excluding any ransom payments, organizations reported an average cost of approximately $1.82 million to recover from ransomware attacks. This is higher than in 2022 ($1.4 million to recover from a ransomware attack on average), but aligns closely with the $1.85 million reported in 2021.
No matter how you analyze the data, using backups for ransomware recovery is significantly more cost-effective than paying the ransom. Organizations that utilized backups had a median recovery cost of $375,000, which is half the expense incurred by those who paid a ransom ($750,000). Likewise, the average recovery cost is nearly $1 million lower for organizations that rely on backups. This underscores the clear financial advantages of investing in a robust backup strategy.
By following these tips, you can help to protect your organization from ransomware attacks:
Use a security solution that includes endpoint protection. Endpoint protection solutions can help to protect your systems from ransomware by detecting and blocking malicious files and scripts.
Have a backup solution in place. A backup solution can help you to recover your data if it is encrypted by ransomware. Make sure that your backups are stored in a secure location, such as the cloud.
Educate your employees about ransomware. Employees should be taught how to identify and avoid ransomware attacks. This includes teaching them how to spot phishing emails and text messages, how to create strong passwords, and not to share login credentials and other sensitive information.
Keep your software up to date. Software updates often include security patches that can help protect against ransomware attacks. Make sure that you are always using the latest version of your software with the latest security patches.
Have a ransomware response plan in place. A ransomware response plan can help you quickly identify and respond to a ransomware attack. This plan should include steps for isolating infected systems, containing the damage, and recovering your data.
Planet 9 employs seasoned professionals who can help you establish and implement a Ransomware Protection Strategy. If you have suffered a ransomware attack, Planet 9 can help you contain and resolve the incident.