British cybersecurity firm Sophos launched its State of Ransomware 2022 report, revealing that 51% of South African organisations surveyed in its examine have been hit with ransomware in 2021.
Of the businesses hit with ransomware, 49% of them ended up paying the ransom to retrieve their information, no matter whether or not they had different technique of restoration.
According to Sophos principal analysis scientist Chester Wisniewski, the variety of victims paying ransoms is rising.
“The survey shows that, globally, the proportion of victims paying the ransom continues to increase, even when they may have other options available,” Wisniewski mentioned.
“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site.”
He defined that there’s usually strain on the organisation to return to normality as quickly as attainable within the aftermath of a ransomware assault, therefore the willingness to pay ransoms.
“Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk,” Wisniewski mentioned.
“Organisations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more.”
Wisniewski emphasised the necessity for organisations which have had their techniques encrypted to wash up the recovered information.
“If organisations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack,” he mentioned.
The most important findings for South Africa within the State of Ransomware 2022 world survey embrace:
- A considerable proportion (49%) of organisations are paying ransom remands
- The after-effects of a ransomware assault may be huge, with the associated fee to get well from the latest assault in 2021 being $710,000 (R11.5 million)
- 77% of organisations depend on cyber insurance coverage that covers ransomware assaults. In 99% of incidents, the insurer paid all or a number of the prices.
“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head-on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” Wisniewski mentioned.
He expects even greater ransom calls for sooner or later as cyber insurers cowl a variety of restoration prices, and it turns into more and more straightforward for cybercriminals to deploy ransomware.
“However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky-high ransoms,” Wisniewski added.
He additionally acknowledged that this was unlikely to scale back the general danger of ransomware assaults.
Sophos offered some greatest apply suggestions to guard organisations in opposition to cyber assaults and ransomware:
- Maintain high-quality defences throughout all factors within the organisation. Review safety controls repeatedly to make sure they proceed to satisfy the organisation’s wants.
- Hunt for threats proactively to determine and cease actors earlier than they execute their assault. If an organisation doesn’t have the capability to take action, it could actually outsource to a managed detection and response specialist.
- Search for and shut key safety gaps, together with unpatched units, unprotected machines, open Remote Desktop Protocol ports, and so on.
- Prepare for the worst. Know what to do if a cyber incident happens and preserve the plan up to date.
- Make backups, and apply restoring information from them in order that the organisation can return to providers as rapidly as attainable.