In the first quarter of 2023, 3000 cybersecurity/IT leaders were interviewed for the Sophos State of Ransomware 2023 report. These leaders represented organizations from 14 different countries, with employee counts ranging from 100 to 5000 and revenue ranging from less than $10m to more than $5bn. Here are some alarming statistics from the report.
Key observations
The percentage of ransomware victims whose data was successfully encrypted by attackers reached 76% in the past year.
- The education sector experienced the highest level of ransomware attacks. About 79% of higher education institutions and 80% of lower education organizations reported falling victim to ransomware.
- According to 36% of respondents, the main cause of ransomware attacks was exploited vulnerabilities, followed by 29% claiming that it was compromised credentials.
- Around 30% of attacks were caused by emails - 18% started with a malicious email and 13% began with phishing.
- In the media, leisure, and entertainment sector, 55% of attacks were caused by exploited vulnerabilities, highlighting significant security gaps.
Attack recovery stats
- Organizations that paid a ransom to decrypt their data faced higher recovery costs compared to those who used backups.
- The average recovery cost for ransom payments was $750,000, whereas organizations relying on backups spent $375,000.
- Only 39% of organizations that paid the ransom were able to recover within a week, while 45% of those relying on backups achieved it in the same timeframe.
Separately, in 30% of the cases where data was encrypted, the attackers also stole the data, indicating a growing trend of combining data encryption and exfiltration techniques.
Who paid and who didn’t?
- Overall, 46% of organizations that had their data encrypted opted to pay the ransom.
- Notably, larger organizations were more likely to pay, with more than half of businesses with revenue exceeding $500 million choosing to pay the ransom.
- The highest payment rate was observed among organizations with revenue over $5 billion.
Othe key data
- The central and federal government sector had 41% of attacks originating from compromised credentials, potentially indicating a higher incidence of credential theft or difficulties in preventing the exploitation of stolen credentials.
- Conversely, the IT, technology, and telecoms sector reported the lowest rates of both exploited vulnerabilities (22%) and compromised credentials (22%), suggesting robust cyber defenses.
- However, this sector faced a high prevalence of email-based attacks, with 51% originating from users' inboxes.
Conclusion
As attackers refine their TTPs, defenders are facing challenges in keeping up, leading to a rise in encryption rates. The significant decrease in the utilization of backups for recovering encrypted data is a cause for substantial worry. Furthermore, it is recommended that organizations defend against the most common attack vectors and maintain good security hygiene.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/6b20_shutterstock_307210721.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/7bf8_shutterstock_1243363546_1.jpg)
