A Closer Look At Today’s Ransomware Attack Landscape


The results are in: Ransomware attacks are here to stay. In the last year, 66% of organizations fell victim to this type of malware attack, up from 37% in 2020. And it’s not just the frequency of attacks that is on the rise — the damage ransomware inflicts on organizations’ bottom lines is increasing, too.

Author: Scott Barlow, global VP of MSP and cloud alliances, Sophos

To get a pulse on the ransomware threat landscape, Sophos surveyed 5,600 IT professionals across 31 countries about their experiences with ransomware in 2021. The report uncovers how organizations respond to ransomware incidents, the state of cyber insurance and the need for a tight, end-to-end cybersecurity posture.

With this in mind, let’s take a closer look at four insights from our report, The State of Ransomware 2022.

1. The frequency and severity of ransomware attacks are on the rise. The increase in ransomware attacks over the last year is in line with the proliferation of the ransomware as a service (RaaS) model, which makes it significantly easier for bad actors to deploy an attack by reducing the skill level an individual needs. Additionally, cybercriminals honed their data encryption skills in 2021 as they successfully encrypted data in 65% of attacks, up from 54% in 2020. Not only do these attacks incur considerable costs — from either ransom demands or data recovery needs — but 90% of organizations impacted by an attack in 2021 said it hindered operations. And 86% of private sector organizations said the attack caused them to lose business and revenue.

2. Some organizations will pay ransom, despite the outcome. Nearly all (99%) of organizations hit by ransomware in 2021 got at least some of their encrypted data back, up from 96% the year before. But while nearly three quarters of organizations used backups to restore data, that tactic wasn’t always sufficient for full data recovery. Nearly half (46%) of respondents paid a ransom to restore their data — indicating that at least some organizations with adequate backups still paid off their attackers so they could resume operations as quickly as possible. Ransom payment also generally isn’t sufficient to restore data on its own: The percentage of data restored after ransom payment actually dropped in 2021 despite more organizations paying up. There was also a near threefold increase in the percentage of victims paying ransoms of $1 million or more.

3. Organizations still struggle to effectively prevent attacks. All the money in the world can’t prevent ransomware attacks. Sixty-four percent of respondents hit by ransomware claimed to have more cybersecurity budget than they need, and 65% of ransomware victims said they have more cybersecurity headcount than they need. Many organizations believe they have adequate resources to prevent attacks, but the number of successful attacks tells a different story.

4. The cyber insurance process is evolving. Many organizations have turned to cyber insurance to cover costs in the event of an attack. That said, 94% of respondents whose organizations have insurance said it became more difficult to secure coverage in the last year. More than a third of respondents say the process is longer and more expensive, and 54% say the level of cybersecurity they need to qualify for coverage is higher. Considering cyber insurance covers most of the costs associated with ransomware attacks, 97% of organizations have made cybersecurity improvements to qualify for adequate coverage.

The ransomware threat landscape is heating up and organizations are still struggling to prevent — and recover from — attacks. While cyber insurance can help organizations blunt the financial impact of ransomware, it’s becoming more difficult to acquire coverage and insurance policy prices are soaring. Cybersecurity and IT professionals should prioritize honing their cyberdefenses in 2022 to mitigate these attacks and their far-reaching consequences.

MSPs, it’s time to level up your customers’ security measures

As the ransomware threat landscape becomes increasingly complex, managed service providers (MSPs) need to help their customers deploy a layered approach to cybersecurity. Ensure your customers follow security hygiene best practices and have a thorough incident response plan in place in the event of an attack.

Download the full report, The State of Ransomware 2022, for more insights about today’s ransomware landscape and our tips for preventing these attacks.

Scott Barlow is VP, Global MSP & Cloud Alliances at Sophos. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.