25 October 2024, Fri |
9:34 PM
Sophos, a provider of cutting-edge security solutions against cyber threats, has unveiled its latest findings in the “State of Ransomware 2024” report. The report reveals a staggering 500% surge in average ransom payments over the past year. Organizations that yielded to ransom demands reported an average payment of $2 million, marking a sharp increase from $400,000 in 2023.
However, ransom payouts are just one facet of the financial toll. Excluding ransoms, the average cost of recovery has soared to $2.73 million, nearly $1 million more than the figure reported in 2023 ($1.82 million), according to the survey.
Despite the alarming rise in ransom amounts, the report indicates a slight decrease in the frequency of ransomware attacks, with 59% of organizations experiencing an attack, compared to 66% in the previous year. Yet, even smaller entities with revenue under $10 million are not spared, as nearly half (47%) reported falling victim to ransomware.
Moreover, the report highlights that 63% of ransom demands exceeded $1 million, with 30% surpassing the $5 million mark, underscoring the profit-seeking motives of ransomware operators. Alarmingly, this escalation in ransom amounts is not confined to high-revenue organizations, as nearly half (46%) of those with revenue below $50 million faced seven-figure ransom demands.
John Shier, Sophos’ field CTO, warns against complacency despite the slight dip in attack rates. He emphasizes that ransomware remains the most prevalent threat, fueling the cybercrime economy. Shier underscores the diverse landscape of ransomware operations, catering to cybercriminals of varying skill levels and motivations.
Exploited vulnerabilities emerged as the leading cause of ransomware attacks for the second consecutive year, affecting 32% of organizations, followed closely by compromised credentials (29%) and malicious email (23%). These findings align with Sophos’ recent incident response reports.
The report underscores the severe impact of vulnerabilities, with organizations experiencing higher rates of backup compromise, data encryption, and ransom payments when attacks originate from exploited vulnerabilities. Additionally, organizations facing attacks stemming from vulnerabilities endure greater financial and operational repercussions, with longer recovery times.
Key insights from the report include:
– Only 24% of ransom payers meet the initial demand, with 44% negotiating lower payments.
– On average, ransom payments amount to 94% of the initial demand.
– 82% of ransom payments are funded from multiple sources, with 40% from organizations themselves and 23% from insurance providers.
– 94% of ransomware victims report attempted compromises of their backups, with a 57% success rate.
– In 32% of incidents, stolen data accompanies encrypted data, enhancing attackers’ extortion leverage.
Shier stresses the importance of proactive risk management, urging organizations to address vulnerabilities and credential compromises promptly. He advocates for imposing costs on attackers to enhance defensive capabilities and deter future breaches.
Sophos recommends the following strategies to bolster defenses against ransomware:
– Assess risk profiles using tools like Sophos Managed Risk to prioritize vulnerabilities and guide remediation.
– Deploy endpoint protection solutions like Sophos Intercept X to combat evolving ransomware techniques.
– Enhance threat detection and response capabilities through in-house teams or Managed Detection and Response (MDR) providers.
– Develop and rehearse incident response plans, alongside regular backups and data recovery drills.
The “State of Ransomware 2024” report is based on a survey of 5,000 cybersecurity/IT leaders across 14 countries, conducted between January and February 2024. Respondents represented organizations with 100 to 5,000 employees and revenue ranging from less than $10 million to over $5 billion.
