Stories of organizations crippled by ransomware regularly dominate the IT news headlines, and accounts of six- and seven-figure ransom demands are commonplace. But, do the news stories tell the full story?
To understand the reality behind the headlines, Sophos commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits. Be prepared to be surprised.
The 2020 ransomware reality
The survey provides fresh new insight into the experiences of organizations hit by ransomware, including:
- Almost three quarters of ransomware attacks result in the data being encrypted.
51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks. - 26% of victims whose data was encrypted got their data back by paying the ransom.
A further 1% paid the ransom but didn’t get their data back. Overall, 95% of organizations that paid the ransom had their data restored. - 94% of organizations whose data was encrypted got it back.
More than twice as many got it back via backups (56%) than by paying the ransom (26%). - Paying the ransom doubles the cost of dealing with a ransomware attack.
The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organizations that don’t pay the ransom, rising to US$1,448,458 for organizations that do pay. - Despite the headlines, the public sector is less affected by ransomware than the private.
45% of public sector organizations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries. - One in five organizations has a major hole in their cybersecurity insurance.
84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware. - Cybersecurity insurance pays the ransom.
For those organizations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays. - Most successful ransomware attacks include data in the public cloud.
59% of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cybercriminals are targeting data wherever it stored.
For the details behind these headlines, read The State of Ransomware 2020 report.
Sophos Intercept X: Protection against ransomware
Ransomware actors combine sophisticated attack techniques with hands-on hacking. Sophos Intercept X endpoint protection gives you the advanced protection technologies you need to disrupt the whole attack chain, including:
- Encryption rollback. CryptoGuard technology blocks the unauthorized encryption of files and rolls them back to their safe state in seconds.
- Exploit protection. Deny attackers by blocking the exploits and techniques used to distribute malware, steal credentials, and escape detection.
- AI-powered threat protection. Artificial intelligence detects both known and unknown malware without relying on signatures
Start an instant online demo to see how Intercept X works in a full environment. You’ll be up and running in less than a minute.
Reader comments
14134 comments