Estimated reading time: 1 minute, 27 seconds

What is the State of the Ransomware Threat?

The state of ransomware is strong, at least from a cybercriminal’s perspective. That’s a conclusion that may be drawn from new research.

ransomware 3998798 1920According to UK-based cybersecurity firm Sophos’ annual “State of Ransomware” study, ransomware attacks are happening more often, succeeding more often and costing more.

Last year, ransomware attacks hit 66% of organizations surveyed by Sophos, up sharply from 37% in 2020. Adversaries succeeded in encrypting data in 65% of attacks in 2021, up from 54% in 2020.

What’s more, the average ransom payment almost quintupled last year to $812,360, versus $170,000 in 2020. That’s driven upward by the 11% of organizations who said they paid ransoms of $1 million or more, up from 4% in 2020. But the share of organizations paying less than $10,000 shrank as well, to 21% from 34% in 2020.

The ransomware threat is worsening in part because hacker gangs are stepping up their game, Sophos senior threat researcher Sean Gallagher told Dark Reading. “Over the past couple of years, there has been a massive transition from ransomware to ransomware-as-a-service,” Gallagher said. “There are very well-established [groups] that are doing these attacks, and as a result, the number of attacks companies are seeing has gone up.”

Of organizations who said their data was encrypted in an attack, 46% said they paid the ransom to retrieve their data. And 26% said they paid a ransom despite being able to restore the data from backups.

Sophos principal research scientist Chester Wisniewski told CNET that companies may choose to pay up because their backups aren’t complete or because they don’t want hackers leaking their data. He added that paying hackers to decrypt the data carries the risks of backdoors being added or passwords copied.

The study is based on contributions from 5,600 IT professionals across 31 countries. Details on ransom payments made came from 965 participants.

Read 167 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.