The median ransomware recovery cost for two critical infrastructure sectors, energy and water, has quadrupled to $3 million in a year, according to Sophos.
Recovery costs from ransomware attacks against the two sectors are now four times higher than the global cross-sector median, the cybersecurity experts said in a new report.
Meanwhile, the median ransom payment in energy and water jumped to more than $2.5 million in 2024 – half a million more than in other sectors.
The State of Ransomware in Critical Infrastructure 2024 report also noted that 49% of ransomware attacks against energy and water sectors started with an exploited vulnerability.
Sophos surveyed 5,000 cybersecurity and IT leaders across 14 countries and 15 industry sectors. The energy and water sectors reported the second-highest rate of ransomware attacks, with 67% of organizations saying they were hit by ransom demands in 2024, compared to the cross-sector average of 59%.
“Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and, they hope, ransom payments to restore services more quickly,” Chester Wisniewski, chief technical officer at Sophos, said.
“This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption,” he said.
This may increase the pressure to heed cybercriminals' demands and pay the ransom money. However, only 20% of organizations in the energy and water sectors were able to recover within a week or less in 2024, compared to 41% in 2023 and 50% in 2022.
More than half took more than a month to recover, up from 36% a year before. Across sectors, only 35% of companies took more than a month to recover.
“This once again shows that paying ransom payments almost always works against our best interests,” Wisniewski said.
He added: “Not only do these high rates and amounts of ransoms encourage more attacks on the sector, but they are not achieving the claimed goal of shorter recovery times.”
Cybersecurity experts said the vulnerable energy and water sectors “must recognize” they are being targeted. This includes taking proactive steps to monitor their exposure to remote access and network devices for vulnerabilities and ensuring they have 24/7 monitoring and response capabilities.
Organizations are also urged to plan and regularly rehearse their incident response strategies in advance, just as they do for other emergencies like fires, floods, hurricanes, and earthquakes.
Your email address will not be published. Required fields are markedmarked