
“When it comes to ransomware, it doesn’t pay to pay”: Sophos

In the UAE, the average cost of remediating a ransomware attack was $517,961 in 2021


The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021, according to the latest findings by Sophos.

The global cybersecurity firm’s The State of Ransomware 2021 report also found that the average ransom paid is $170,404. The global findings also showed that only 8% of organisations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data. In the UAE, the average cost of remediating a ransomware attack was $517,961 in 2021, compared to $696,305 in 2020.


The number of organisations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021. In the UAE, 38% of respondents mentioned a ransomware attack in the last year, down from 49% in 2020.

Globally, fewer organisations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020), while in the UAE it dropped to 50%, down from 78% in 2020. The new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.

“The apparent decline in the number of organisations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviours,” said Chester Wisniewski, principal research scientist, Sophos.

“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”

Further into the study, Sophos found that the number of organisations that paid the ransom globally increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data. In the Middle East, 28% of the organisations hit by ransomware paid a ransom.


“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organisations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski.

“This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.”