Ransomware and the likelihood of attack: Becoming a victim of a ransomware attack is also a question of industry, as the current Sophos report "The State of Ransomware 2021" shows.
A ransomware attack is a burden for organizations that should not be underestimated: data encryption, ransom demands, restoring data from backups, rebuilding systems and keeping operations running, or at least the most important processes. In addition, cyber criminals are increasingly using new tactics: where it used to be ransom in exchange for data decryption, it is now: pay the ransom, or the data will be published. These so-called extortion attacks are a far more severe horror scenario: the attackers need less effort and raise their demands exorbitantly, because they too know that organizations face high fines if the data leak is concealed.
Education and government popular with ransomware attackers
Becoming a victim of a ransomware attack is also a question of industry: as the current Sophos report "The State of Ransomware 2021" shows, not only manufacturers, service providers and retailers are particularly affected, at 44 percent, but also education organizations. Authorities and state institutions are in third place (3 percent). In comparison: the probability of a ransomware attack worldwide is 40 percent. Distribution and transportation, as well as media, leisure and entertainment, were the least likely to be hit.
This matches what the industries reported about the extent to which they were able to stop the encryption of their data in the event of a ransomware attack: companies in the areas of sales and transport (48 percent) are the most successful in defense, followed by media, leisure and entertainment (47 percent).
The greatest likelihood of data encryption in the course of a ransomware attack is found among state and local authorities (69 percent). The global average is 54 percent. Why are authorities particularly targeted by cyber criminals? An attempt to explain.
A question of the budget and the infrastructure
- Weaker defense mechanisms: As a rule, state and local authorities have to contend with low IT budgets and often a lack of IT staff.
- Targeted attacks: Due to their size and their access to public funds, authorities are often seen as lucrative targets and fall victim to targeted, complex attacks.
- High willingness to pay: While the willingness to pay ransom is 32 percent worldwide, authorities show the second-highest willingness to pay at 42 percent. Energy, oil and gas, and utilities are the most willing to pay at 43 percent. This willingness on the part of the authorities may also be due to the fact that they are most likely to be affected by data encryption. And that might be why cyber criminals are targeting these institutions more.
It appears that there is a link between a company's ability to recover data from backups and its willingness to comply with ransom demands. Manufacturing and production companies are the least likely to pay ransom and are the most likely to be able to restore data from backups (68 percent). Ransom payments are also below average in the construction and real estate sectors, as well as among financial service providers. Both are more successful than average at restoring their data from backups.
Authorities are aware of their security vulnerabilities
The authorities and organizations in the education system are aware of these weaknesses (each in first place with 1 percent). Globally, 30 percent state that they expect to become victims of ransomware because of their weak or patchy cybersecurity.
A good approach to defending against ransomware attacks is a recovery plan. After all, 90 percent of the companies surveyed have one. Authorities, however, are the least equipped to defend themselves against malware attacks: only 73 percent of state and local authorities and 81 percent of federal authorities and public institutions have a recovery plan. This fact, too, may have contributed to the high willingness of these sectors to pay ransom demands.
In conclusion, organizations that can easily restore their data, have a recovery plan, and have modern, well-staffed cybersecurity are less susceptible to ransom demands. But that requires sufficient financial and organizational resources. The complete study "The State of Ransomware 2021" is available for download from Sophos.