Ransomware operators are getting better at encrypting data during attacks, causing extra headaches for the IT teams trying to parry the attack, a new report has claimed.
The Sophos state of ransomware (opens in new tab) 2023 report, based on a vendor-agnostic survey of 3,000 cybersecurity and IT leaders,found in three-quarters (76%) of ransomware attacks, threat actors managed to encrypt the data – the highest percentage since Sophos started tracking the metric three years ago.
High recovery costs for those that pay
The report also gives another reason why businesses should refrain from paying the ransom. Those that did doubled their recovery costs – $750,000, versus $375,000 for those that merely used their backups. Furthermore, it takes longer to recover the files with the decryptor. Almost half (45%) of organizations using backups recovered within a week, compared to two in five (39%) of those that paid up.
Sophos also warns that despite other reports out there stating otherwise, the number of ransomware attacks isn’t dwindling – it’s plateauing. This year, 66% of surveyed firms reported being attacked by ransomware, the same as last year.
“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.
Sophos’ report also claims that system vulnerabilities are most commonly used to launch ransomware attacks (36%), and not compromised credentials (29%), showing the importance of keeping software and hardware updated.