Sophos has released the State of Ransomware 2022 report (Report of heresy attacks and their harms for 2022) which presents an up-to-date snapshot of heresy attacks and harms worldwide. The report shows that a rate of 66% of the organizations in Israel that participated in the survey were affected by a ransom attack in 2021. Of these, a rate of 57% paid the ransom to remove the encryption and release their information, even if they had other means of data recovery, including up-to-date backup.
The report summarizes the effects and economic consequences of ransomware attacks on 5,600 medium-sized businesses in 31 countries in Europe, North and South America, the Pacific Asia, Central Asia, the Middle East and Africa, including Israel.
“The report points to a global upward trend in the rate of victims paying the ransom even when these organizations may have the option to recover the information in other ways,” says Chester Wisniewski, a scientist and lead researcher at Sophos.
“There are several possible reasons for this, including missing backups or the desire to prevent leaked information. As soon as it becomes clear that the organization has been hit by a ransomware attack, there is usually great urgency to get systems and business back on track as soon as possible. To think that paying the ransom and getting the encryption key would be a faster solution.
‘But this solution carries a considerable risk. Organizations do not know what the attackers did, whether they implanted backdoors (a security breach that would allow attackers to access confidential information in the future), stole passwords or took other malicious actions. “Organizations that do not fundamentally clean up information systems may find themselves at increased risk for repeated attacks.”
From an analysis of data from the State of Ransomware 2022 survey, which deals with organizations from Israel that fell victim to a cyber attack in 2021, the following main findings emerge. A significant proportion of the organizations affected by the ransom attack pay the ransom – in 2021, a rate of 57% of the organizations in Israel that fell victim to the ransom paid the ransom.
Ransomware attacks have significant economic implications – the average cost of recovery from a ransomware attack in 2021 was $ 1.41 million. On average, it took organizations a month to recover from the damage and disruption of activity. A rate of 89% of the organizations reported that the attack disrupted their activities, and a rate of 86% of the organizations that fell victim to a ransom attack reported that they lost sales and / or revenue as a result of the attack.
Many organizations have cyber insurance that provides the organization with insurance coverage in the event of a ransomware attack – a rate of 66% of medium-sized businesses have cyber insurance that covers cyberattacks, and in 88% of cases the insurance paid the recovery expenses from the attack in part or in full.
Of the cyber insurance organizations, 93% reported that insurance companies have tightened insurance conditions over the past 12 months, added stricter requirements for cyber security measures in the organization, insurance has become more expensive or made more complex and fewer insurance companies offering cyber insurance.
“The survey findings suggest that we may have reached a turning point in the field of ransomware attacks: the greed of attackers who continue to increase ransom collides with the hardening of the positions of insurance companies seeking to reduce their risk and exposure,” Wisniewski explains.
“The results of the survey indicate that insurance companies have begun to harden their positions and in the future many organizations that have fallen victim to a ransom attack may no longer be able to afford the high ransom fees. Unfortunately, it is highly doubtful that this will lead to a decrease in the number of ransomware attacks. “
Survey information
The State of Ransomware 2022 survey (ransomware attacks and their harms for 2022) covers ransomware attacks that occurred in 2022. The survey was conducted in January and February 2022 by Vanson Bourne, an independent market research institute specializing in the technology industry.
5,600 IT executives from 31 countries participated in the survey: USA, Canada, Brazil, Chile, Colombia, Mexico, Austria, France, Germany, Hungary, UK, Italy, Netherlands, Belgium, Spain, Sweden, Switzerland, Poland , The Czech Republic, Turkey, Israel, the United Arab Emirates, Saudi Arabia, India, Nigeria, South Africa, Australia, Japan, Singapore, Malaysia and the Philippines, all surveyed in medium-sized organizations employing between 100 and 5,000 workers.
Important to know: For the purpose of the survey, the phrases ‘fell victim to a ransomware attack / were harmed by a ransomware attack’ means that at least one device in the organization was infected with ransomware even if the infection did not lead to information encryption. Participants were asked to address the most significant infidelity attack that harmed the organization, unless otherwise stated.