Ransomware Encryption Rates Reach New Heights

The percentage of ransomware victims whose data was encrypted by extortioners has increased to 76% over the past year. This is the highest since Sophos began documenting these trends, the vendor claimed today.

Sophos's The State of Ransomware in 2023 report was compiled from interviews with 3,000 cybersecurity/IT leaders conducted in the first quarter of 2023. Responding organizations were located in 14 countries, had 100 to 5,000 employees, and had revenues ranging from under $10 million to over $5 billion.

The 2022 encryption rate is the highest since the report series started in 2020 when it was 73%. Sophos claims this is evidence that “the attacker’s skill level continues to improve and he continues to innovate and refine his approach.”

With an encryption rate of just 47%, only the IT, technology and telecommunications sectors were able to buck the trend.


In just under a third (30%) of cases where data was encrypted, it was also stolen in a double extortion attack. However, in only 3% of cases was a ransom demanded without the victim's data being encrypted.

Interestingly, those who chose to pay the extortioners ended up with double the recovery costs: $750,000 on average, compared with $375,000 for those with backups. They also risked longer recovery times. According to Sophos, 45% of organizations with backups recovered within a week, compared to 39% of those who paid the ransom.

Nearly half (46%) of victims whose data was encrypted chose to pay the ransom, rising to more than half among wealthy companies, which are more likely to purchase independent cyber insurance.

These findings are somewhat inconsistent with blockchain analysis that reveals a 40% year-over-year decline in total ransomware payouts in 2022. They also contradict a February Trend Micro report, which estimated that only 10% of victims paid extortionists.

Sophos claims that ransomware damage rates remained high at 66% in 2022, the same as the year before.

Chester Wisniewski, Field CTO at Sophos, argued that it is likely that the damage rate has now plateaued.

“The key to bringing this number down is to aggressively reduce both detection and response times. And we need to get criminals out of the system in hours or days, not weeks or months,” he explained.

“Experienced analysts can recognize and act on patterns of active intrusions within minutes. These days, organizations need to be on guard 24/7 to have effective defenses.”
