Amounts extorted in ransomware attacks exploded in the last year

Cristina De Luca

April 29, 2021

The average total cost of recovery from a ransomware attack has more than doubled in the past 12 months, increasing from $761,106 in 2020 to $1.85 million in 2021, according to global research from Sophos. “The State of Ransomware 2021” report surveyed 5,400 IT decision-makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia-Pacific, Central Asia, the Middle East, and Africa.

Source: “The State of Ransomware 2021” report

While the number of companies falling victim to an attack has dropped — from 51% of respondents in 2020 to 37% in 2021 — the results reveal worrying trends, especially in terms of the impact of a ransomware attack.

The number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) were able to recover all their data after payment, with 29% receiving no more than half of what they had lost.

In other words: 92% of victims lost at least some data, and more than 50% of them lost at least a third of their precious files, despite paying up and expecting the crooks to keep their promise that the data would be restored.

The average payment per ransom reached $170,404. The largest disbursement reached $3.2 million. Ten organizations paid ransoms of $1 million or more.

In addition, the definition of what constitutes a ransomware attack is evolving. Many attackers have shifted to more targeted attacks that include manual, human-operated intrusion and theft rather than data encryption. And they are demanding payment in exchange for not leaking the stolen information. In other words, encryption is down. Extortion is on the rise.

“A recent example of this new approach involved the Clop ransomware gang and a known financially motivated threat actor that hit about a dozen alleged victims with extortion-only attacks,” explains Chester Wisniewski, a scientist at Sophos.

Source: “The State of Ransomware 2021” report

That’s why it’s more important than ever to keep cybercriminals out at the front door, before they have a chance to unfold their increasingly multifaceted attacks. As more ransomware attacks also involve extortion, keeping criminals at bay matters more than ever.

The key to stopping ransomware is defense-in-depth, which combines network monitoring technologies, dedicated anti-ransomware technologies, and human-led threat hunting. Technology provides the necessary scale and automation, while human experts are better able to detect the tactics, techniques, and procedures that indicate an attacker is trying to enter the environment.

“Now, ransomware gangs often stalk entire networks, breaking into them one by one and preparing for a moment (usually scheduled for when the network’s IT staff are asleep) when all computers can be hit simultaneously,” explains Paul Ducklin, an analyst at Sophos.

This year, 1,166 respondents said they hadn’t been hit by ransomware in the past 12 months and do not expect to be hit in the future. The main reason for this seemingly excessive confidence is that they consider themselves to have well-trained IT staff capable of preventing attacks.

If your company doesn’t have these skills in-house, look into getting support from a specialist cybersecurity company – Security Operation Centres (SOCs) are now realistic options for organizations of all sizes.

“Recovery from a ransomware attack can take years and involves much more than just decrypting and restoring data,” Wisniewski points out. “Entire systems need to be rebuilt from scratch. That’s not counting operational downtime and the impact on customers. The best way to prevent a cyber attack from turning into a full-blown breach is to prepare in advance. Organizations that fall victim to an attack often realize they could have avoided significant financial loss and disruption if they had an incident response plan in place.”

The State of Ransomware 2021 survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2021. The survey interviewed 5,400 IT decision-makers in 30 countries: US, Canada, Brazil, Chile, Colombia, Mexico, Austria, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Switzerland, Poland, the Czech Republic, Turkey, Israel, UAE, Saudi Arabia, India, Nigeria, South Africa, Australia, Japan, Singapore, Malaysia, and the Philippines. All respondents were from organizations with between 100 and 5,000 employees.

Source: “The State of Ransomware 2021” report