Ransomware attacks are getting more frequent, more successful and more expensive.
Sixty-six percent of the organizations surveyed by Sophos for its annual State of Ransomware report said they were hit with a ransomware attack last year, up from 37% in 2020. And 65% of those attacks succeeded in encrypting the victims' data, up from 54% the year before.
On top of that, the average ransom paid by organizations for their most significant ransomware attack grew by nearly five times, to just over $800,000, while the number of organizations that paid ransoms of $1 million or more tripled to 11%, the UK-based cybersecurity company said. For its annual report, Sophos surveyed 5,600 organizations from 31 countries. A total of 965 of those polled shared details of their ransomware attacks.
The numbers aren’t a huge surprise after a year of epic ransomware attacks, including those on Colonial Pipeline and JBS US Holdings in the US. While both companies paid millions in ransom, the attacks paused their operations long enough to spark panic buying and drive prices up for consumers.
Those and other attacks prompted the White House to convene an international counter-ransomware event in October that brought together representatives from more than 30 countries, including big US allies like the UK, Canada and Japan. The group pledged to share information and work together to track down and prosecute the cybercriminals behind ransomware attacks.
Notably absent: Russia, which the US and other countries blame for harboring and possibly encouraging the groups behind the attacks. Now, with much of the world actively opposing its invasion of Ukraine, experts worry that Russia itself will unleash its own ransomware attacks as part of its campaign against Ukraine and its supporters.
Regardless of an attacker’s motivations, ransomware remains a lucrative tool for cybercriminals.
Chester Wisniewski, principal research scientist for Sophos, said ransomware costs not only continue to rise, but a growing number of victims are choosing to pay up, even when they have other options.
Forty-six percent of those polled who reported that their data was locked up by an attack said they paid the ransom to get their data back, and 26% said they paid a ransom even though they could have restored it themselves from backups.
Wisniewski said there could be several reasons for this, including incomplete backups, or the desire to keep a company’s data from being posted online.
In addition, after a ransomware attack there’s often intense pressure to get back up and running as quickly as possible, and restoring from backups can be difficult and time-consuming, he said. But while paying cybercriminals for a decryption key can be tempting, it’s also risky.
“Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more,” Wisniewski said in a statement. “If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”