39% of organizations that paid the ransom taking more than a week to recover, compared to 45% of organizations that utilized backups.
Global cybersecurity services provider, Sophos, has released its annual report titled "State of Ransomware 2023," revealing a significant increase in the rate of ransomware attacks in India. According to the survey, 73% of the organizations surveyed reported falling victim to ransomware attacks, marking a notable rise from the previous year's figure of 57%. Among these attacks, adversaries successfully encrypted data in 77% of the cases, with 44% of organizations resorting to paying the ransom to retrieve their data. However, this payment rate has witnessed a considerable drop from the previous year's rate of 78%.
Globally, the survey findings indicate that organizations that paid a ransom to decrypt their data incurred double the recovery costs compared to those who relied on backups. The former group faced recovery costs amounting to $750,000, while the latter group spent $375,000. Moreover, paying the ransom often resulted in longer recovery times, with 39% of organizations that paid the ransom taking more than a week to recover, compared to 45% of organizations that utilized backups.
The survey also examined the root causes of ransomware attacks, identifying the most common cause as exploited vulnerabilities, accounting for 35% of the cases, followed by compromised credentials, contributing to 33% of the attacks. These findings align with Sophos' 2023 Active Adversary Report for Business Leaders, which revealed similar trends in incident response.
Key global findings from the report include:
- In 30% of the cases where data was encrypted, data was also stolen, indicating a growing trend of combining data encryption and exfiltration.
- The education sector reported the highest levels of ransomware attacks, with 79% of higher education organizations and 80% of lower education organizations falling victim to ransomware.
- Overall, 46% of organizations that had their data encrypted paid the ransom. Larger organizations were more likely to pay, particularly those with revenues exceeding $500 million. This may be due to the availability of standalone cyber insurance policies that cover ransom payments.
With nearly three-quarters of Indian organizations reporting ransomware victimization, urgent action is required to address this issue. To reduce these numbers, it is crucial to prioritize prompt detection and response times. Human-led threat hunting has proven effective in thwarting these criminals, but it is essential to thoroughly investigate alerts and swiftly remove attackers from systems within hours or days, not weeks or months. Experienced analysts can identify signs of active intrusions and take immediate action, differentiating between the organizations that remain secure and the majority that do not. Maintaining constant vigilance is vital for organizations to mount an effective defense.
Sophos offers several best practices to defend against ransomware and other cyberattacks:
- Strengthen defensive measures with security tools that protect against common attack vectors, including robust endpoint protection with anti-exploit capabilities to prevent vulnerability exploitation, as well as Zero Trust Network Access (ZTNA) to counter compromised credentials.
- Utilize adaptive technologies that automatically respond to attacks, disrupting adversaries and providing defenders with response time.
- Implement 24/7 threat detection, investigation, and response, either internally or through a specialized Managed Detection and Response (MDR) provider.
- Optimize attack preparation by regularly backing up data, practicing data recovery from backups, and maintaining up-to-date incident response plans.
- • Maintain good security hygiene by promptly applying patches and regularly reviewing security tool configurations.
The State of Ransomware 2023 report draws on data from a vendor-agnostic survey of 3,000 cybersecurity and IT leaders conducted between January and March 2023. Respondents were from 14 countries across the Americas, EMEA, and Asia Pacific and Japan.