An alarming new report from U.K.-based cybersecurity company Sophos finds that both the number of organizations hit with ransomware and the ransoms paid are increasing drastically, with the average ransomware payment now not far from seven figures.
The company’s State of Ransomware 2022 report, the results of a survey of 5,600 IT professionals at organizations from 31 countries around the world, shows that 66% were hit with ransomware last year, a marked increase from just 37% that reported being impacted by ransomware in 2020.
Even more alarming, the average ransomware payment has skyrocketed to $812,360, a fivefold increase from 2020. Based on 965 organizations that shared details of ransomware payments, the report also found a nearly threefold increase in the percentage of organizations paying ransoms of $1 million or more (from 4% to 11%), signaling that the ransomware industry is as lucrative and robust as ever.
Organizations are too willing to pay the ransom
Sophos also found that nearly half of all organizations that had data encrypted by a ransomware threat actor paid the ransom to get their data back. The data also suggests that organizations are opting to pay the ransom even when they have data recovery tools at their disposal, as 26% of organizations paid the ransom despite being able to restore from backups.
According to Chester Wisniewski, principal research scientist at Sophos, there could be several reasons for paying the ransom while maintaining backups, including incomplete backups, preventing stolen data from appearing on leak sites or pressure to get back up and running quickly.
“Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk,” Wisniewski said in a statement. “Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”
Ransomware attackers are also becoming more successful at encrypting data, with 65% of attacks successfully doing so in 2021, compared with an encryption rate of 54% in 2020.
However, it isn’t just the average ransomware payment that is keeping IT professionals up at night, Sophos’ report found: 57% say they’ve seen an increase in the volume of overall cyberattacks, 59% saw the complexity of attacks increase, and 79% saw an increase in at least one of those areas. Despite those challenges, organizations are getting better at restoring data after an attack, with nearly all (99%) of organizations able to restore data after a ransomware attack, up slightly from 96% in 2020.
Sophos’ State of Ransomware 2022 report reaffirms the importance of maintaining backups, as backups were the top method used to restore data, used by 73% of organizations that had their data encrypted.
While more organizations are paying the ransom, the percentage of data restored after paying has dropped from 2020 to 2021, from 65% to 61%. Further, just 4% got all their data back, another decrease from 8% in 2020.
Cybersecurity insurance could be driving higher payments
Organizations are increasingly relying on cybersecurity insurance to help them recover from an attack, with 83% of organizations holding cyber policies that cover them in the event of a ransomware attack. In 98% of those incidents, the insurer paid some or all of the costs, and in 40% the insurer covered the ransom payment, according to the report.
According to Wisniewski, this may be the “peak in the evolutionary journey of ransomware where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure.”
Ransomware is becoming easier for criminals to deploy, and insurance providers covering ransom demands may be driving the average ransomware payment even higher, the cybersecurity expert said. However, the cyber insurance market is hardening, which could make victims less willing to pay ransoms and more willing to harden their environments.
“Sadly, this is unlikely to reduce the overall risk of a ransomware attack,” Wisniewski said. “Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”
Sophos concludes the report with five tips, including implementing high-quality defenses at all points in the environment, proactively hunting for threats, hardening environments by closing down security gaps, planning for cyber incidents and practicing restoring from backups.