As the ransomware scourge keeps on escalating, businesses should pay more attention to their backup policies, writes Doug Casey
As ransomware attacks become more common and sophisticated, businesses need to bolster their back-up plans
The growing problem of cybercrime was highlighted recently by the ransomware attack on the Health Service Executive. The government decided not to pay the requested ransom, despite facing a much larger cost for sorting out the problem. Most businesses don’t have that luxury. If their PCs are locked up, they have no choice but to pay up – unless they have backed up their data.
The experience of most organisations subjected to a ransomware attack is that they never recover all the encrypted data, so regular backup is absolutely vital. The extent of the growing ransomware threat is illustrated by the recent ‘State of Ransomware’ report from cybersecurity specialist Sophos. Its findings are very alarming, and highlight why the attack on the HSE was almost inevitable.
Sophos commissioned research house Vanson Bourne to survey 5,400 IT decision makers across 30 countries, not including Ireland, in January and February 2021. The focus of the survey was mid to large organisations, with half the respondents in each country employing 100 to 1,000 people, and the balance with up to 5,000 staff. The report’s key findings include:
37% of respondents were hit by ransomware in the last year.
54% of victims said the cybercriminals succeeded in encrypting their data in the most significant attack.
On average, only two-thirds of the encrypted data was restored after the ransom was paid.
The average ransom paid was $170,000.
Sophos believes that many attackers have moved from generic, automated phishing attacks to more targeted attacks that include hands-on keyboard hacking. Its survey findings point to attacker preference for large organisations, as they are likely to be a more lucrative target. However, one in three smaller organisations in the survey cohort were hit by ransomware in the last year too.
Based on the survey responses, Sophos concludes that ransomware attackers concentrate their efforts on rich countries. One exception is Japan, which has very low levels of ransomware. The Sophos report muses: “It may be that the Japanese have invested heavily in anti-ransomware defences, or that the unique nature of the Japanese language makes it a more challenging target for adversaries.”
As for sectors, retail and education suffer the most ransomware attacks, while healthcare is below average. “Healthcare’s over-representation in news reports is likely due to regulatory obligations that require healthcare organisations to reveal an attack, while many businesses can keep them private,” says Sophos. Though healthcare experienced a below-average number of attacks, attackers succeeded in encrypting files in almost two-thirds of incidents, which is considerably above average.
Not all recorded ransomware attacks succeed. Sophos reports that in 2020 there was a large drop in the percentage of attacks where the criminals succeeded in encrypting data, down from 73% to 54%. This is partly due to increased adoption of anti-ransomware technology, but also because of a change of approach by the criminals.
The Sophos survey found that the proportion of attacks where data was not encrypted but the victim was still subject to extortion has more than doubled. As was the case with the HSE, attackers steal data and then threaten to publish it unless the ransom demand is paid. This approach has become more appealing due to GDPR. “Adversaries often leverage the punitive fines for data breaches in their demands in a further effort to make victims pay up,” says Sophos.
Sophos asked the respondents whose data had been encrypted whether they had recovered it. One-third paid the ransom, an increase on the 26% reported the previous year, while 57% were able to use backups to restore their data.
The propensity to pay the ransom demand largely depends on the efficacy of backups. Sophos notes that companies in the energy, oil/gas and utilities sector are most likely to pay the ransom. This sector often relies on legacy computer infrastructure, so