The share of organizations hit by ransomware jumped to 66% in 2021, up 29 percentage points from 37% in 2020 (a 78% relative increase). As attacks become more complex, organizations are getting better at dealing with the aftermath, but they are still struggling to prevent attacks in the first place.
This is one of the findings of The State of Ransomware 2022, research conducted by Sophos.
But despite ransomware attacks becoming near-normalized in 2021, 88% of organizations reported they have sufficient cybersecurity talent, budget and resources. This represents a major disconnect between internal security teams and an evolving threat landscape: Although many organizations have the budget to build robust security defenses, they are unable to secure the right talent and apply their resources to a proactive cybersecurity strategy.
And while many organizations have improved their attack response through the use of data backups and cyber insurance, these strategies only help manage the crisis after an attack has occurred.
Ransomware attack volume and complexity are increasing
The proportion of organizations hit by ransomware rose 78% over the course of 2021.
Two in three organizations were hit overall (up from 37% in 2020), and the number of vulnerabilities associated with ransomware attacks grew from 223 to 288 in 2021. This reflects the growing reach and complexity of attack methods, driven largely by the success of ransomware-as-a-service (RaaS): an affiliate model in which ransomware operators supply the encryption malware and ransom collection tooling to affiliates in exchange for a percentage of each ransom. RaaS lowers the skill level required to deploy ransomware and so widens the pool of attackers.
Attackers also got better at encrypting data: in 2021, 65% of attacks resulted in data being encrypted, up 11 percentage points from 2020.
And beyond increased encryption, 72% of organizations reported challenges in at least one of three major areas: increased overall volume of attacks, increased complexity of attacks and increased impact of attacks. Together, these factors comprise a threat landscape that is more difficult for organizations to mitigate and more costly if they can’t.
Ransomware payments are higher than ever—and many organizations pay up
The average ransom payment in 2021 was $812,360, 4.8 times the 2020 average. The share of organizations paying $1 million or more also grew, by 7 percentage points year over year. The largest payments came mainly from the manufacturing and utilities sectors, which are commonly targeted because attackers perceive them as able to pay very large sums.
Because there is no guarantee that victims will get all (or any) of their encrypted data back, the FBI recommends against paying ransoms. Many organizations still pay: in 2021, nearly half (46%) of organizations whose data was encrypted paid the ransom to get it back, and on average they recovered only 61% of their data. Only 4% of those who paid got all of their data back. Even in countries where extortion payments are illegal, such as Italy, the prohibition did not stop attacks in 2021, and 43% of Italian organizations whose data was encrypted admitted to paying.
Organizations are less prepared for future attacks than they may think
Although 90% of organizations reported that their most significant attack in 2021 impacted their ability to operate, the average cost to correct the impact of ransomware attacks dropped from $1.85 million in 2020 to $1.4 million in 2021. As ransomware becomes more prevalent, cyber insurance providers are becoming more skilled at guiding victims through the incident response process, ultimately reducing remediation costs.
Among organizations that weren’t hit by ransomware attacks — and don’t expect to be hit in the future — 72% reported that they allocate resources to reactive, mitigation-focused approaches like backups and cyber insurance rather than proactive defenses. To ensure a comprehensive defense against ransomware, organizations must adopt a lifecycle view of security hygiene based on prevention, detection and response. This strategy can be implemented by a security partner that can help manage company-wide networks, monitor for threats and identify vulnerabilities.
Tips for moving toward proactive ransomware defense
With a massive skills shortage in the cybersecurity industry, big budgets weren’t enough to solve the ransomware crisis in 2021 — and they don’t constitute a comprehensive prevention strategy in 2022. Here are five tips for transitioning from reactive approaches to proactive strategies for ransomware defense.
- Evaluate whether your current defenses are meeting your needs by conducting a thorough intake of all security controls. Identify where high-quality defenses could be integrated instead.
- Implement proactive measures, like dynamic monitoring, to stop ransomware attackers before they can execute. If you don’t have the time or skills to do this in-house, consider outsourcing to security specialists.
- Tighten your environment by finding and closing the gaps attackers rely on for initial access: unpatched devices, machines with no endpoint protection, and remote desktop protocol (RDP) exposed to the internet. Extended detection and response (XDR) tooling helps by correlating endpoint, network and identity telemetry so that exposed services and suspicious activity are surfaced as they appear, but it complements rather than replaces patching and firewall hygiene.
- Prepare for the worst. Ransomware attacks can happen even if your defenses are tight. Design a thorough incident response strategy and know who to contact in the event of an attack.
- Optimize backups and practice restoring from them. This goes a long way in helping to minimize recovery time — ultimately lessening the financial and operational impact of attacks.
With these steps, you’ll be better equipped to defend against ransomware.