In its new State of Ransomware 2023 report, Sophos proves that data encryption by ransomware with 76 (international) had never reached such a high level. An evaluation also shows that paying the ransom only doubles the recovery costs.
Sophos has published its new global study "State of Ransomware 2023", according to which cybercriminals in Germany succeed in encrypting data in 71 percent (internationally 76 percent) of ransomware attacks on organizations. From an international perspective, it is the highest rate of data encryption by ransomware since Sophos first published the annual ransomware report in 2020.
Ransom payment only increases data recovery costs
From a global perspective, the survey shows that companies that paid ransom to have their data decrypted further doubled their recovery costs ($750.000 recovery costs versus $375.000 for companies using backups to recover data). Also, paying the ransom typically means longer recovery time: 45 percent of the companies that used backups were able to recover the data within a week, compared to 39 percent of the companies that paid the ransom.
66 percent already attacked by ransomware
A total of 58 percent (internationally 66 percent) of the companies surveyed were attacked by ransomware in Germany. This suggests that despite the perceived decline during the pandemic years, the number of ransomware attacks has remained consistently high.
“Encryption rates have rebounded to very high levels after a temporary drop during the pandemic, which is worrying. Ransomware criminals have refined their attack methods and accelerated their attacks to reduce the time in which defenders could thwart their plans," said Chester Wisniewski, Field CTO, Sophos, classifying the study results
Backups are better than ransoms
“The cost of incidents increases significantly when ransom is paid. Most victims will not be able to recover all of their files simply by purchasing the encryption keys; they also need to import backups. Paying ransom not only enriches criminals, but also slows incident response and increases costs in an already devastating situation,” Wisniewski continues.
When analyzing the cause of ransomware attacks, the most common starting points were an exploited vulnerability at 24 percent (international 36 percent) and compromised access data at 36 percent (international 29 percent). This coincides with the most recent Incident Response Insights from the "2023 Active Adversary Report for Business Leaders” by Sophos on site incident response.
Other important results of the study
- In 30 percent of ransomware cases with data encryption in Germany, the attackers also stole data. This indicates that this "double dip" method (data encryption and data exfiltration) is becoming more common.
- Internationally, the education sector reports the highest number of ransomware attacks: 79 percent of higher education organizations surveyed and 80 percent of lower education organizations surveyed report that they were victims of ransomware.
- A total of 44 percent (46 percent internationally) of the organizations surveyed in Germany whose data was encrypted paid ransom and received data back. However, from an international perspective, ransom payments were far more common among larger organizations. More than half of companies with sales of $500 million or more paid the ransom, with the highest rate reported by companies with sales over $5 billion. This could be partly because larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments.
“Two-thirds of organizations say they have been victims of ransomware for the second year in a row. The key to reducing this risk is to drastically reduce both the time to detection and the time to response. Human-led threat hunting is very effective in stopping these criminals, but the alerts must be investigated and the criminals removed from systems in hours, not weeks and months.
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
Experienced analysts can spot active intrusion patterns in minutes and take immediate action. This is probably the difference between the one-third of companies that remain secure and the two-thirds that are not. Businesses need to be on XNUMX/XNUMX alert to have an effective defense in place these days,” Wisniewski said.
Three tips from Sophos to protect against ransomware and other cyberattacks
1. Reinforce defense shields by:
- Security tools that block the most common attack vectors. These should endpoint protection with strong anti-exploit features to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart abuse of compromised credentials.
- Adaptive technologies that automatically respond to attacks, disrupting attackers and giving defenders time to respond
- 24/7 threat detection, investigation and response. Either in-house or through a specialized provider of Managed detection and response (MDR)
2. Optimizing attack preparedness, including regular backups, testing to restore data from backups, and maintaining an up-to-date incident response plan
3. Maintaining good security hygiene, including timely patching and regular review of security tool configurations
Background to the study
Data for the State of Ransomware 2023 study is from a vendor-independent survey of 3.000 cybersecurity/IT executives conducted between January and March 2023. Respondents hail from 14 countries in the Americas, EMEA and Asia Pacific. The companies interviewed employ between 100 and 5.000 people and generate sales of between less than 10 million and more than 5 billion US dollars.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.