Sophos, a cybersecurity-as-a-service provider, has reported an alarming surge in data encryption during ransomware attacks over the past three years. Its latest report reveals that cybercriminals have successfully encrypted data in 75% of these attacks.

The Sophos study identified a worrying trend in 37% of ransomware attacks where data was encrypted; the data was also stolen, indicating a rise in the use of the “double-dip” method.

“The State of Ransomware in Healthcare 2023” also revealed a significant increase from the 61% of healthcare organizations that reported having their data encrypted last year while only 24%, from 34% in 2022, were able to stop the attacks.

Sophos: Cybercriminals run contests to advance techniques
Sophos: Hackers utilize LOLbins to attack organizations

“To me, the percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity,” said Chester Wisniewski, director, field CTO, Sophos.

Mitigation

Wisniewski emphasized that the number of mitigation efforts in the sector is decreasing, raising concerns about the preparedness for future attacks. The report also noted that healthcare organizations are experiencing longer recovery times, with 47% recovering within a week, down from 54% the previous year.

“Part of the problem is that ransomware attacks continue to grow in sophistication, and the attackers are speeding up their attack timelines,” he said.

Sophos observed a slight reduction in the overall number of ransomware attacks against surveyed healthcare organizations, dropping from 66% in 2022 to 60% this year. The percentage of healthcare organizations making ransom payments also decreased, from 61% last year to 42% this year, which is lower than the cross-sector average of 46%.

The primary cause of ransomware attacks against healthcare organizations is compromised credentials, followed by exploits.