Report: Ransomware Recovery Cost Hits $1.85m Yearly

By Emma Okonji

Sophos, a global next-generation cybersecurity company, has released the key findings of its recent global survey report, titled: ‘The State of Ransomware 2021,’ which revealed that the average cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.

According to the report, the average ransom paid was $170,404.
The global report also stated that only eight per cent of organisations managed to get back all of their data after paying a ransom, with 29 per cent getting back no more than half of their data.

The survey polled 5,400 Information Technology (IT) decision makers in mid-sized organisations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, which includes Nigeria.

While the number of organisations that experienced a ransomware attack fell from 51 per cent of respondents surveyed in 2020 to 37 per cent in 2021, and fewer organisations suffered data encryption as the result of a significant attack, reaching 54 per cent in 2021 compared to 73 per cent in 2020, the new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.

Analysing the survey findings, the Principal Research Scientist at Sophos, Chester Wisniewski, said: “The apparent decline in the number of organisations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors.”
According to Wisniewski, “We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”
The main findings of the State of Ransomware 2021 global survey include:

The average cost of remediating a ransomware attack more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, on average.

The average ransom paid was $170,404, but while $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organisations paid ransoms of $1 million or more.

The number of organisations that paid the ransom increased from 26 per cent in 2020 to 32 per cent in 2021, although fewer than one in 10, which is about 8 per cent, managed to get back all of their data.

“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organisations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” Wisniewski, said.
“This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible,” Wisniewski added.
The main findings of The State of Ransomware 2021 for Nigeria, according to the report, showed that 22 per cent of respondents from Nigeria had experienced a ransomware attack in the last 12 months, compared to 53 per cent in 2020. Among the Nigerian respondents who were not hit by ransomware in the last 12 months but expect to be hit in the future, 39 per cent believe that ransomware attacks are becoming increasingly hard to stop because of their sophistication.

Sophos therefore recommended best practices to help defend against ransomware and related cyberattacks. The global security company advised organisations to always assume they will be hit, since ransomware remains highly prevalent, adding that no sector, country or organisation size is immune from the risk. It is better to be prepared but not hit than the other way round, Sophos advised.

It also advised organisations to take backups and keep a copy offline, since backups are the main method organisations surveyed used to recover their data after an attack. It also recommended that organisations deploy layered protection, as more ransomware attacks also involve extortion.
