Only 8% of the companies that paid got all data back

The average total cost for a company to recover from a ransomware attack has more than doubled from $761106 in 2020 to $1.85 million in 2021, according to a global study by security firm Sophos. The average ransom paid is $170404.

Paying ransom doesn’t solve much

The global findings also show that only 8% of companies manage to get all their data back after paying a ransom, while 29% only get half of their data back.

The survey was conducted among 5,400 IT decision makers in medium-sized companies in 30 countries across Europe, the Americas, Asia, the Middle East and Africa.

While the number of companies affected by a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organizations suffered from data encryption as a result of a significant attack (54% in 2021 compared to 73% in 2020), the new survey results reveal worrying upward trends, especially in terms of the impact of a ransomware attack.

“The apparent decline in the number of organizations affected by ransomware is good news, but tempered by the fact that it likely reflects, at least in part, changes in attacker behavior,” said Chester Wisniewski, lead researcher – Sophos.

“We have seen attackers move from large-scale, generic, automated attacks to more targeted attacks, including human hands-on-keyboard hacking. Although the total number of attacks is lower as a result, our experience shows that the chance of damage from these more advanced and complex targeted attacks is much higher. Such attacks are also more difficult to recover, and we see this reflected in the survey in the doubling of total recovery costs. “

Key findings

The average cost of recovering from a ransomware attack has more than doubled in the past 12 months. Recovery costs — including business downtime, lost orders, operational costs and more — increased from an average of $761106 in 2020 to $1.85 million in 2021.

This means that the average cost of recovering from a ransomware attack is now 10 times the average ransom paid, which was $170404. The highest reported payment among respondents was $3.2 million. The most common payment was $10000. Ten organizations paid ransoms of $1 million or more.

“The findings confirm the hard truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations choosing to pay ransom, only a small minority of those who paid got all their data back,” Wisniewski said.

54% of respondents believe that cyber-attacks are now too advanced for their IT team to handle alone.

“Furthermore, the definition of what constitutes a ransomware attack is evolving. For a small but significant minority of respondents, the attacks involved payment requests without data encryption. This could be because they had anti-ransomware technologies to block the encryption phase or because the attackers simply chose not to encrypt the data.”

In these cases, it is likely that the attackers demanded payment in exchange for not leaking the stolen information online.

In short, it’s more important than ever to protect yourself from opponents at the door before they have a chance to unfold their increasingly versatile attacks. Fortunately, when organizations are attacked, they do not have to face this challenge alone. Support is available 24 hours a day, 7 days a week in the form of remote security centers, threat hunting and incident response services.”

6 things to help you protect against ransomware and related cyberattacks

  1. assume you will be attacked. Ransomware is common. No industry, country or type of business is immune to that risk. It is better to be prepared, but not attacked, than the other way around.
  2. make backups and keep a copy offline. This is your “last line of defense”. Provide a 3-2-1 principle for backups: at least 3 copies of your data, on at least 2 different types of medium, of which at least 1 copy is off-site and off-line.
  3. defense in depth. More and more ransomware attacks are accompanied by extortion. It is therefore important in the first place to keep the opponents out. Use layered protection, don’t rely on one thing. Bet on People, Process and Technology.
  4. combine human expertise with anti-ransomware technology. Use a solid EDR (Endpoint Detection and Response) and ATP (Advanced Threat Protection) for email. Technology provides the scale and automation a business needs, while human experts are best able to determine that an attacker is trying to break in.
  5. do not pay the ransom. That’s easy to say, but if your business has come to a complete standstill due to a ransomware attack, it can become tempting to pay anyway. Ethical considerations aside, paying ransom is not effective in recovering data. Should you decide to pay, keep in mind that the chances are very small that all data will be recovered.
  6. have a recovery plan. Prepare your business before it’s too late. Organizations that fall victim to an attack often realize that they could have avoided significant financial losses and disruptions had they had a Security Incident Response Plan.

Is your company sufficiently prepared?

Do you want to know whether your company is sufficiently prepared to defend itself against ransomware? Don’t have a Security Incident Response Plan yet? Let our experts assist you. They are happy to help you.

You can easily contact us via the contact form or via LinkedIn.