The latest data from Sophos, a company that offers cybersecurity as a service, showed that there was a slight decline in ransomware attacks from 72% in 2021 to 68% last year in Asia Pacific and Japan (APJ).
However, cybercriminals have been on an encryption spree with 71% of respondents in Sophos’ annual “State of Ransomware 2023” report saying that their data have been encrypted. From that number, 49% (down from 2021’s 55%) paid the ransom.
Sophos noted that larger organizations with revenue of $500 million are the ones who usually pay the ransom. However, Sophos noted that this could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments.
“Although dipping slightly from the previous year, the rate of encryption remains high at 71%, which is certainly concerning,” Chester Wisniewski, field CTO, Sophos, said in a statement. “Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes.”
Citing another report, Sophos saw that ransomware attacks usually happen when cybercriminals exploited vulnerabilities and use compromised credentials.
But data recovery costs more for organizations on top of the ransom they have paid. As per the report, organizations spent $750,000 in recovery costs while those that have used backups to recover data spend $375,000.
Data recovery time
Sophos emphasized that data recovery usually takes longer for organizations without backups. Normally, it would take only a week to recover files from backups.
“Incident costs rise significantly when ransoms are paid,” Wisniewski. “Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation.”
The report found that the education sector recorded the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomware
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
- 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.