Freshly released ransomware statistics reveal a grim reality – the number of victims keeps growing, more companies are paying up, and ransoms that criminals demand are sky-high.
A survey by cybersecurity company Sophos revealed that the average ransom paid by victims increased nearly fivefold in 2021 to over $800,000. Adversaries vary their ransom demands across industries, extracting the highest sums from those they consider most able to pay.
Last were, the highest average ransom payments (over $2 million) were made by victims in the manufacturing and production and energy, oil, gas, and utility sectors.
The number of companies hit by ransomware attacks is also rapidly growing. 66% of organizations experienced an attack in 2021, up from 37% in 2020.
“Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available,” said Chester Wisniewski, a principal research scientist at Sophos.
46% of victim organizations paid the ransom last year, hoping to get their encrypted data back even though they had other means for data recovery, such as backups. Even in Italy, where extortion payments are illegal, 43% of those whose data was encrypted admit that their organization paid up.
“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack, there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be difficult and time-consuming, so it can be tempting to think that paying a ransom for a decryption key is a faster option,” Wisniewski said.
However, paying a ransom is an option fraught with risk. Malicious hackers might have added backdoors, copied passwords, and other sensitive data, leaving the company susceptible to similar attacks.
If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack,Wisniewski said.
While some argue that paying ransom only fuels the ransomware ecosystem, experts agree that succumbing to cybercriminals’ demands sometimes might be the only way for businesses to avoid costly disruptions, the shutdown of essential services, or the release of sensitive information. Last year, around 11% of firms paid ransoms of $1 million or more, up from 4% in 2020.
“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head-on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski.
It has become increasingly easy to deploy ransomware, with many attack tools available as-a-service. The fact that many cyber insurance providers have covered a wide range of ransomware recovery costs, including ransom payments, likely contributed to even higher ransom demands. However, Wisniewski believes that the tide is about to turn.
“The results indicate that cyber insurance is getting tougher, and in the future, ransomware victims may become less willing or less able to pay sky-high ransoms,” he said.
Insurers are more likely to cover the cleanup costs to get the organization up and running. However, they are reluctant to pay ransoms – 40% of respondents reported that the insurer paid the extortion, down from 44% in 2019.
“Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing, and cybercriminals will continue to go after the low hanging fruit,” Wisniewski said.
However, cyber insurance pushes organizations to boost their defenses, including implementing new technologies and services, increasing staff training, and changing processes and behaviors in the company.
More from Cybernews:
Subscribe to our newsletter