Two-thirds (66%) of organizations were hit by a ransomware attack in 2021, surging from 37% in 2020, according to Sophos’ State of Ransomware 2022 report.
The survey of 5600 mid-sized organizations across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East and Africa also showed a significant growth in the size of ransom payments and the proportion of organizations paying ransom demands.
It found that the average ransom paid by organizations that had data encrypted increased nearly five-fold to $812,360. In addition, 11% of organizations surveyed admitted paying ransoms of $1m or over in 2021, up from 4% in 2020. Conversely, there was a significant drop in organizations paying less than $10,000, falling from 34% in 2020 to 21% in 2021.
The report, conducted by Vanson Bourne, also found that close to half (46%) of organizations that had data encrypted in a ransomware attack paid the extortion demand. Surprisingly, even among organizations that were able to restore encrypted data using backups last year, over a quarter (26%) paid the ransom.
The increasing willingness to pay extorters’ demands may be due to the enormous recovery costs following a ransomware attack. The study found that the average cost to recover from the most recent ransomware attack in 2021 was $1.4m, while the average time to recover from the damage and disruption was one month. Around nine in 10 (90%) of respondents admitted the incident affected their ability to operate, with 86% of private sector victims losing business and/or revenue as a result of the attack.
Another area highlighted by the report was the growing emphasis on cyber insurance to help organizations recover from ransomware. More than four-fifths (83%) of mid-sized organizations said they have taken out insurance that covers them in the event of a ransomware attack. In almost all (98%) incidents, the insurer paid some or all the costs incurred, with 40% covering the ransom payment.
Most (94%) organizations with cyber insurance also revealed the changing nature of cyber insurance policies over the past 12 months, with higher demands for cybersecurity measures and more complex or expensive policies. In addition, they observed fewer organizations offering insurance protection.
Chester Wisniewski, principal research scientist at Sophos, commented: “Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available. There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”
Infosecurity editorial director, Eleanor Dallaway, recently caught up with Wisniewski to discuss the State of Ransomware 2022 report in more detail, including the growing influence of cyber insurance on the attack vector. You can read that interview with Wisniewski here.