Sophos, a global leader in innovating and delivering cybersecurity as a service, has released its annual State of Ransomware 2023 report, which found that in 76% of ransomware attacks against surveyed organisations adversaries succeeded in encrypting data. This is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020.
The survey also shows that organisations that paid a ransom to get their data decrypted ended up doubling their recovery costs (US$750,000 in recovery costs versus US$375,000 for organisations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.
Overall, 66% of the organisations surveyed were attacked by ransomware – the same percentage as the previous year. This suggests that the rate of ransomware attacks has remained steady despite any perceived reduction in attacks.
“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning,” said Chester Wisniewski, field CTO, Sophos. “Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals but also slows incident response and adds cost to an already devastatingly expensive situation.”