According to a new report, ransomware operators are getting better at encrypting data during attacks, which is causing additional headaches for IT teams trying to counter the attack.
Status of Sophos ransomware (opens in a new tab) A 2023 report, based on a vendor-neutral survey of 3,000 cybersecurity and IT leaders, found that in three-quarters (76%) of ransomware attacks, cybercriminals succeeded in encrypting data – the highest percentage since Sophos began tracking this index three years ago.
High recovery costs for those who pay
The report also gives another reason why companies should refrain from paying the ransom. Those that did doubled their recovery costs – $750,000 compared to $375,000 for those that only used backups. Also, it takes longer to recover files with a decryptor. Nearly half (45%) of organizations using backups recovered their data within a week, compared to two in five (39%) organizations that paid.
Sophos also warns that, despite other reports to the contrary, the number of ransomware attacks is not decreasing – it remains constant. This year, 66% of companies surveyed reported a ransomware attack, similar to last year.
“Encryption rates have returned to very high levels after a temporary decline during the pandemic, which is certainly worrying. Ransomware teams are refining their attack methodologies and accelerating attacks to reduce the time defenders can disrupt their plans,” said Chester Wisniewski, field CTO at Sophos.
“Incident costs increase significantly when the ransom is paid. Most victims will not be able to recover all their files simply by purchasing encryption keys; they also need to rebuild and recover data from backups. Paying the ransom not only enriches the criminals, but also slows down incident response and increases costs in an already very costly situation,” said Wiśniewski.
The Sophos report also claims that system vulnerabilities are most often used to launch ransomware attacks (36%) rather than compromised credentials (29%), showing the importance of keeping software and hardware up to date.