Ransomware attacks are on the rise and their complexity and impact are also increasing. According to a survey, 66% of organizations were hit by ransomware in 2021, up from 37% in 2020. Attackers are also successfully encrypting data in their attacks. They succeeded in encrypting data in 65% of attacks in 2021. This was 54% in 2020.
Increased successful ransomware attacks are challenging the broader threat environment. 57% of organizations experienced an increase in the volume of cyberattacks overall, 59% saw the complexity of attacks increase, and 53% said that the impact of attacks had increased. 72% saw an increase in at least one of these areas.
Aftermaths of ransomware attacks
- Even as ransomware has become more prevalent, organizations have gotten better at dealing with the aftermath of ransomware attacks. Almost all organizations that were hit by ransomware in 2021 (99%) got some encrypted data back. Most organizations (73%) are using backups to restore data.
- At the same time, 46% reported that they paid the ransom to restore data. These numbers indicate that many organizations are using multiple restoration approaches to swiftly get up and running. 44% of the respondents whose organization’s data had been encrypted were using multiple methods to restore data.
- Over the last year, the number of attack victims paying ransoms of US$1 million or more increased almost 3 times from 4% in 2020 to 11% in 2021. The percentage of victims paying less than US$10,000 decreased from 34% in 2020 to 21% in 2021. The highest average ransom payments were US$2.04M paid by the manufacturing and production industry and US$2.03M by the energy, oil/gas, and utilities sector. The lowest average ransom payments were US$197K by the healthcare industry and US$214K by local/state governments.
- Paying the ransom gets you some data back, however, it was found that the percentage of data restored after paying ransom has dropped. On average, organizations got back only 61% of their data despite paying the ransom. In 2021, only 4% of organizations got all their data back after paying the ransom. In 2020, 8% of organizations got back all their data upon paying.
How can security teams ensure protection against ransomware attacks?
Ransomware attacks are causing major commercial and operational impacts. 90% of organizations hit by ransomware in 2021 reported that the most significant ransomware attack impacted their ability to operate. 86% of private sector organizations said that ransomware caused them to lose business/revenue.
Ransomware is a problem that organizations have a lot of trouble stopping. Organizations need to invest in the right technology and have people who know how to use it effectively. They should look to partner with experts that can help them improve the return on their cybersecurity investments and enhance their defenses.
While many organizations are choosing to reduce the financial risk associated with an attack by taking cyber insurance, optimizing the cybersecurity of the organization is imperative. Here are some ways to improve cyber security.
- Make sure your environment is protected by high-quality defenses at all points. Review your security controls to make sure they still meet your needs. Zero Trust is a proactive, integrated approach to secure all digital layers by explicitly and continuously verifying every transaction, asserting the least privilege, and relying on intelligence, advanced detection, and real-time response to defend against threats.
- Proactively hunt for threats to prevent attacks. If you don’t have the time or skills, you can outsource to a specialist.
- You can make your environment harder to attack by finding and closing security gaps. You can do this by looking for devices that are not patched, unprotected machines, open RDP ports, and so on. Extended Detection and Response (XDR) is a good tool for this purpose.
- Create backups of your data, and practice restoring from them. This will help you get back up and running quickly if something happens, with minimal disruption.
- Plan for actions that need to be carried out in case of ransomware disclosure. Read: How can organizations be prepared in the event of a ransomware data disclosure?
According to Gartner, by 2025, 30% of the countries will pass legislation that will regulate ransomware payments, fines, and negotiations. As the decision to pay the ransom or not is a business-level decision, it is recommended to engage a professional incident response team and law enforcement and any regulatory body before negotiating, if any unfortunate incident occurs.
Image credits: The State of Ransomware 2022