Sophos: 69 percent of organizations in the PH got ransomware attacks in 2022

The cybersecurity giant just published its annual survey and review of real-world ransomware experiences in the State of Ransomware 2022.

File photo: Sophos logo

The alarming increase of victims of ransomware attacks and the amount of ransom paid

Based on the Annual "State of Ransomware 2022" survey results, 46 percent of organizations that had data encrypted due to ransomware paid the attackers. As a result, the average ransom paid increased by almost 5 times, amounting to USD 812,360.

In a summary, Sophos reported the effect of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific, Central Asia, the Middle East, and Africa. Only 965 revealed details of ransomware payments. 

Chief Research Scientist Chester Wisniewski said that the proportion of victims paying cybercriminals continues to increase, even when they may have other options available. He added,

There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack, there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It's also an option fraught with risk. Organizations don't know what the attackers might have done, such as adding backdoors, copying passwords, and more. If organizations don't thoroughly clean up the recovered data, they'll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.

In the study, it appears that the average cost to recover from the most recent ransomware attack in 2021 was USD 1.4M. Aside from that, it took on average one month to recover from the damage and trouble. 

90 percent of organizations said the attack had impacted their ability to operate. Meanwhile, 86 percent of private-sector victims said they had lost business and/or revenue because of the attack.

Sophos listed down the best practices to help defend against ransomware and related cyberattacks:

1. Install and maintain high-quality defenses across all points in the organization's

environment. Review security controls regularly and monitor that they continue to meet the

organization's needs.

2. Proactively hunt for threats to identify and stop adversaries before they can execute their

attack. If the team lacks the time or skills to do this in house, outsource to a Managed

Detection and Response (MDR) specialist.

3. Harden the IT environment by searching for and closing key security gaps: unpatched

devices, unprotected machines, open RDP ports, etc. Extended Detection and Response

(XDR) solutions are ideal for this purpose.

4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.

5. Make backups, and practice restoring from them so that the organization can get back up

and running as soon as possible, with minimum disruption.

What do you guys think?