Global ransomware incidents and associated pay-outs experienced a substantial surge worldwide throughout the year 2021, according to recent findings.

Increased number of organizations succumb to ransom demands as cyberattacks become increasingly complex

Global surge in ransomware attacks witnessed in 2021, according to a recent report

Ransomware Attacks on the Rise: Sophos Report Reveals Shocking Statistics

The digital threat landscape has seen a significant shift in 2021, with ransomware attacks targeting mid-sized organizations more than ever before. According to the State of Ransomware 2022 report from Sophos, two-thirds of mid-sized organizations worldwide were victims of ransomware attacks last year.

One of the most high-profile victims was JBS USA, a meat processing firm that paid out $11 million to avoid disruption to the food supply following a ransomware attack. The average cost of a ransomware attack fell to $1.4 million in 2021, down from $1.85 million in 2020, indicating a concerning trend of increasing prevalence and decreasing costs for these malicious attacks.

The Treasury Department reported $590 million in ransomware-related activity in suspicious activity reports during the first half of 2021. The report also reveals that the highest average ransom payments were in manufacturing ($2.04 million) and energy and utilities ($2.03 million). On the other hand, the healthcare sector and state/local governments saw the lowest average ransom payments, at $197,000 and $214,000 respectively.

The healthcare sector, in fact, topped the list for the industry with the highest average ransom price for ransomware attacks in 2021. Critical infrastructure providers also faced increasing threats, with the May attack on Colonial Pipeline leading to an initial $4.4 million ransom payment.

The Sophos survey, commissioned by the independent research group Vanson Bourne, polled IT professionals from organizations with between 100 and 5,000 employees across 31 countries. Among the survey findings, one in 10 organizations paid $1 million or more in ransoms in 2021, compared with only 4% in 2020.

The report also sheds light on the role of cyber insurance in covering the costs of a ransomware attack. Much of the cost is covered by cyber insurance, but coverage is becoming more restrictive. However, a recent court decision related to NotPetya allowed Merck to get reimbursed for about $1.4 billion in claims after the insurer initially refused coverage.

Intriguingly, among organizations with encrypted data, 46% paid a ransom to adversaries, and 26% of organizations that restored data from backups still chose to pay a ransom. This suggests a growing reliance on ransom payments as a means to mitigate the impact of these attacks.

Lastly, the survey found that 94% of Sophos survey respondents said obtaining cyber insurance quotes had become more difficult over the past year. As the threat of ransomware continues to evolve, it is clear that organizations must remain vigilant and proactive in their cybersecurity efforts.
