The number of ransomware attacks is continuing to increase, and worse, the size of the payments is rising dramatically too.
According to a report from cybersecurity firm Sophos, two-thirds (66%) of mid-sized organizations worldwide suffered a ransomware attack last year, as compared with 37% the year prior.
Almost two-thirds (59%) of respondents also said the complexity of attacks has increased, while for more than half (53%), the impact has increased as well.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
Data restoration
Even more concerning is the sharp rise in the value of ransom demands. The global average spiked from $170,000 in 2020 to $812,000 last year, with 11% of organizations paying more than $1 million in ransom fees.
At the same time, the percentage of organizations paying less than $10,000 dropped from 34% in 2020, to 21% in 2021.
Furthermore, more businesses are opting to pay the ransom, despite law enforcement agencies advising otherwise. The report states that 46% of organizations that suffered a ransomware attack ultimately ended up caving in to demands in 2021.
“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible,” said Chester Wisniewski, Principal Research Scientist at Sophos.
“Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more.”
“If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”