Sophos has released its annual “State of Ransomware 2023” report, which found that the rate of ransomware attacks has increased in India with 73% of organisations surveyed reporting they were a victim of ransomware up from 57% the previous year. In 77% of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data with 44% paying the ransom to get their data back – a considerable drop from last year’s rate of 78%.
On a global scale, the survey also shows that when organizations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs (US$750,000 in recovery costs versus US$375,000 for organizations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.
“Although dipping slightly from the previous year, the rate of encryption remains high at 77 per cent, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.
When analysing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 35% of cases), followed by compromised credentials (involved in 33% of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.