A recent report from Sophos reveals that median recovery costs for ransomware attacks on the Energy and Water sectors have surged to $3 million over the past year. This figure, presented in the “State of Ransomware in Critical Infrastructure 2024” report by the cybersecurity solutions company, is four times the global cross-sector median.
The report indicates that 49% of ransomware incidents in these sectors began with an exploited vulnerability. The data is drawn from a survey of 275 respondents in the energy, oil and gas, and utilities organizations, part of a larger survey of 5,000 cybersecurity and IT leaders conducted between January and February 2024.
“Criminals focus on areas where disruption can lead to quick ransom payments,” said Chester Wisniewski, global Field CTO at Sophos. “Utilities are prime targets due to their essential services,” he said. Wisniewski pointed out that these sectors are often operating with outdated technology and minimal staffing, making them vulnerable.”
In addition to the rising recovery costs, the median ransom payment for these sectors jumped to over $2.5 million in 2024, surpassing the global median by $500,000. The Energy and Water sectors also reported a 67% rate of ransomware attacks, compared to a global average of 59%.
Recovery from ransomware
Further findings show that recovery times have increased significantly. Only 20% of organizations hit by ransomware in 2024 recovered within a week, down from 41% in 2023. The report also revealed that 55% of these organizations took more than a month to recover, compared to 36% in the previous year.
Backup compromises were reported at 79%, and successful encryption at 80%, making these sectors among the most affected.
Wisniewski emphasized the need for proactive measures, including monitoring for vulnerabilities and ensuring 24/7 incident response capabilities. He stressed that effective response plans, similar to those for natural disasters, should be regularly rehearsed to minimize outages and recovery times.