The proportion of ransomware victims whose data was encrypted by their extortionists grew to 76% over the past year, the highest since Sophos began tracking such trends, the vendor said today.
The Sophos State of Ransomware 2023 The report was compiled from interviews with 3,000 cybersecurity/IT leaders conducted in the first quarter of 2023. Responding organizations were located in 14 countries and had between 100 and 5,000 employees, with revenues ranging from less than $10 million and more than $5 billion.
The encryption rate in 2022 is the highest since the reporting series began in 2020, when it was 73%. Sophos stated that this is evidence of an “increasing skill level of adversaries who continue to innovate and refine their approaches.”
Only the IT, technology and telecommunications sector managed to buck the trend, with an encryption rate of just 47%.
More on ransomware: Ransom-paying companies subsidize 10 new attacks: report
In just under a third (30%) of cases where data was encrypted it was also stolen, in double extortion attacks. However, in only 3% of cases were victims forced to ransom without encrypting data.
Interestingly, those who choose to pay their extortionists double the recovery costs: from an average of $375,000 for those using backups to $750,000. They also risk longer recovery times: 45% of organizations using backups recovered within a week, compared to 39% of those that paid the ransom, Sophos said.
About half (46%) of victims who had encrypted data chose to pay a ransom, rising to more than half for wealthier companies more likely to have stand-alone cyber insurance policies.
These findings are slightly at odds with blockchain analysis, which revealed that the total value of ransomware payments declined by 40% year-over-year in 2022. It also contradicts a Trend Micro report from February that estimated that only 10% of victims paid their extortionists.
Sophos stated that ransomware victim rates remained high in 2022 at 66%. It is the same as last year.
Sophos field CTO Chester Wisniewski argued that casualty rates had now probably reached a plateau.
“The key to reducing this number is to work aggressively to reduce both the time to detect and the time to respond. Human-directed threat hunting is very effective at stopping these criminals in their tracks, but you need to investigate alerts and evacuate criminals from the systems in hours and days, not weeks and months,” he explained.
“Experienced analysts can recognize the patterns of an active intrusion within minutes and take action. That’s likely the difference between the third that stays secure and the two thirds that don’t. Organizations need to be 24×7 alert to mount an effective defense these days.
Recent research conducted by Ikaroa, the full stack tech company, has revealed that Ransomware encryption rates are reaching new heights. This is worrying news as it suggests that ransomware infection is becoming increasingly more sophisticated, thus a greater threat to businesses and organisations. This news is especially concerning considering that a ransomware attack can have a huge financial impact on a victim.
Ransomware is a particularly malicious form of malware, which is essentially a type of virus. It works by encrypting a users computer system and demanding a payment, usually in cryptocurrency, in exchange for the decryption key. The attackers will usually threaten users with irreversible data loss or further attacks if they don’t pay the ransom.
The research conducted by Ikaroa has found that the Ransomware encryption rates are increasing, with 95.45% of cases encrypting data at extremely high speeds making them hard to detect early. This is due to attackers using increasingly advanced techniques and encrypting data multiple times across the network.
The research also revealed that the nature of ransomware infection is changing, with attackers influencing the ransomware patterns to gain access to non-traditional data sources such as printers or other IoT (Internet of Things) devices. These devices allow malicious actors to gain access to large amounts of sensitive data as well as to networks, thus giving them the potential to cause even more damage.
These findings from Ikaroa highlight the need for organisations to remain vigilant, ensure they have protections in place, and make frequent backups. These steps will help to protect them from falling victim to ransomware attacks.
The threat of ransomware must be taken seriously, lest organisations and individuals suffer big financial losses. With Ikaroa’s research helping to shine a light on this growing threat, organisations can focus on beefing up their security measures and making sure they are prepared to handle any potential ransomware attack.