
Ransomware attacks are up, so are costs to retrieve stolen data

Organisations have, however, gotten better at restoring their data in the aftermath of an attack


Two-thirds of organisations were hit by ransomware in 2021, up 37 percent from 2020 – and the amount paid to recover data is also up, a new report from Sophos found.

“Adversaries have become considerably more capable at executing the most significant attacks at scale,” the State of Ransomware 2022 report read.

Organisations have, however, gotten better at restoring their data in the aftermath of an attack. Last year, 99 percent of organisations got some encrypted data back, but a smaller number of victims got all their data back.

Adversaries have also become more successful at encrypting data in their attacks. In 2021, attackers succeeded in encrypting data in 65 percent of attacks, up from the 54 percent encryption rate reported in 2020. However, the share of victims that experienced an extortion-only attack, in which data was not encrypted but the organisation was held to ransom under threat of data exposure, fell from 7 percent to 4 percent.

Screengrab: Sophos infographic

The increase in successful ransomware attacks is part of an increasingly challenging broader threat environment: over the last year 57 percent experienced an increase in the volume of cyberattacks overall, 59 percent saw the complexity of attacks increase, and 53 percent said the impact of attacks had increased. Seventy-two percent saw an increase in at least one of these areas.

Data recovery is rising, with 96 percent receiving data back in 2021. But 44 percent of respondents said they had to use multiple methods to restore data. Backups are the primary method used to restore data, used by 73 percent of organisations whose data was encrypted. At the same time, 46 percent reported that they paid the ransom to restore data.

“While paying the ransom almost always gets you some data back, the percentage of data restored after paying has dropped. On average, organisations that paid got back only 61 percent of their data, down from 65 percent in 2020. Similarly, only 4 percent of those that paid the ransom got all their data back in 2021, down from 8 percent in 2020,” the report found.

There has been an almost threefold increase in the proportion of victims paying ransoms of $1 million or more, up from 4 percent in 2020 to 11 percent in 2021. In parallel, the percentage paying less than $10,000 dropped from one in three (34 percent) in 2020 to one in five (21 percent) in 2021.

Screengrab: Sophos infographic

Overall, the average ransom payment came in at $812,360. The average amount paid across sectors varies widely, with ransoms in the manufacturing and energy, oil and gas, and utilities industries ticking upward of $2 million. In healthcare and local and state government, payments average between $197,000 and $214,000.

A silver lining: the average cost to rectify a ransomware attack in 2021 dropped to $1.4 million, down from $1.85 million in 2020. On average, it took a year to recover from an attack.

“[The drop] likely reflects that, as ransomware has become more prevalent, the reputational damage of an attack has lessened. In parallel, insurance providers are better able to guide victims swiftly and effectively through the incident response process, reducing the remediation cost,” the report found.