By Cynthia Ezekwe
A recent report from Sophos Group plc, a British-based security software and hardware company has disclosed that ransomware attacks are the biggest cyber risks facing organisations as attacks on businesses hit four year high.
The Sophos 2023 threat report titled “state of ransomware 2023’’, said cyber criminals have been developing and refining the ransomware-as-a-service model for several years. It also found that in 76 per cent of ransomware attacks against surveyed organisations, adversaries succeeded in encrypting data.
The report said the education sector reported the highest level of ransomware attacks, with 79 per cent of higher education organisations surveyed and 80 per cent of lower education organizations surveyed reporting that they were victims of ransomware.
Sophos explained that the education sector traditionally struggles with lower levels of resourcing and technology than many other industries, and the data shows that adversaries are exploiting these weaknesses. On the other hand, IT, technology, and telecoms reported the lowest level of attack by 50 per cent, indicating a higher level of cyber readiness and cyber defences in the sectors.
Analysing the root causes of ransomware attacks, the company found that an exploited vulnerability was the most common root cause of ransomware attacks, and is usually involved in 36 per cent of most cases, followed by compromised credentials involved in 29 per cent of most cases. It said this is in line with recent, in-the-field incident response findings from Sophos’ 2023 active adversary report for business leaders.
The research showed a clear correlation between annual revenue and propensity to experience a ransomware attack, with the percentage of organisations hit by ransomware increasing progressively with revenue.
It disclosed that 56 per cent of organisations with revenue of $10-$50 million experienced a ransomware attack in the last year, rising to 72 per cent of those with revenue of $5 billion plus.
Sophos’ report pointed out that data encryption from ransomware attacks has continued to rise, with adversaries succeeding in encrypting data in over three quarters, representing about 76 per cent of ransomware attacks.
“In fact, encryption levels are now at their highest point in the last four years. This likely reflects the ever-increasing skill level of adversaries who continue to innovate and refine their approaches,” the report stated.
Also, the cyber report emphasised that 30 per cent of attacks where data was encrypted, data was also stolen, stating that the “double dip,’’ which is a data encryption and data exfiltration method employed by adversaries is becoming commonplace.
“This double dip approach by adversaries is becoming increasingly commonplace as they look to increase their ability to monetize attacks. The threat of making stolen data public can be used to extort payments and the data can also be sold. The high frequency of data theft increases the importance of stopping attacks as early as possible before information can be exfiltrated,’’ the report noted.
According to the report, 97 per cent of organisations that had data encrypted got data back, pointing out that backups were the most common approach, used in 70 per cent of incidents.
In addition, it stated that 46 per cent of companies who were victims of ransomware attacks paid the ransom and got their data back, while two per cent used other means. Adding that overall, one in five, which is about 21 per cent used multiple methods to restore their data, while 1 per cent of organisations that had data encrypted paid the ransom but didn’t get data back.
It explained that organisations with lower annual revenue have less money to fund ransom payments, forcing them to focus on backups for data recovery; while larger revenue organisations typically have complex IT infrastructures which may make it harder for them to use backups to recover data in a timely fashion, noting that they are are also the businesses most able to buy their way out of such situations.
“Recovery Costs Ransom payments are just one element of recovery costs when dealing with ransomware events. Excluding any ransoms paid, organisations reported an estimated mean cost to recover from ransomware attacks of $1.82 million, an increase from the 2022 figure of $1.4 million and in line with the $1.85 million reported in 2021,’’ the report disclosed.
It noted further that the drop in the use of backups to recover encrypted data is aconsiderable cause for concern, stating that with the growth of the ransomware-as-a-service business model, there would be no drop in attacks in the coming years.
Recommending the best practices for companies to adopt, Sophos advised businesses to strengthen their defensive shields with security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials.
It also advised businesses to adopt adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond 24/7 threat detection, investigation, and response, whether delivered in-house or in partnership with a specialist Managed Detection and Response (MDR) service provider.
Sophos also urged organisations to optimise attack preparation, including making regular backups, practising recovering data from backups, and maintaining an up-to-date incident response plan; maintaining good security hygiene, including timely patching and regularly reviewing security tool configurations.
