Sophos, a global leader in next-generation cybersecurity, has announced the findings of its global survey, The State of Ransomware 2021, which reveals that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from US$761,106 in 2020 to US$1.85 million in 2021.
The average ransom paid is US$170,404. The global findings also show that only 8% of organizations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.
The survey polled 5,400 IT decision makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East and Africa.
Globally, fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020). The new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.
“The apparent decline in the number of organizations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors,” said Chester Wisniewski, Principal Research Scientist, Sophos.
“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”
Globally, the number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data.
“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski.
“This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.”
Ignacio Triana, MCA Trend Micro, Engineering Manager
The past 12 months have stunned many in the cybersecurity community. Practically overnight business models and work practices were abruptly reconfigured and all IT staff were enlisted to help. As the months passed, new threats emerged and little by little we realized that this is a new reality with which we must live together for some time.
While the threats will continue to be targeted at remote workers and infrastructure, there are reasons to be optimistic. Unlike last year, we are more familiar with what it is to live and work under the shadow of the pandemic. So this should make things easier for security leaders to prioritize employee training and adopt solutions with greater visibility to improve detection and response to support the business and minimize risk.
It may be an atypical year, but in many ways organizations will continue to see the same cyberthreats during 2021. Data theft and ransomware, often in the same attack, Business Email Compromise (BEC), Trojan attacks for banking, cryptomining, among others, are part of the threat scale.
Trend Micro blocked more than 27.8 billion threats in the first half of 2020 alone, most of which emerged from email. And while most of these can be linked to automated attacks, they can be argued to be more personalized and targeted threats, which pose the greatest danger to revenue and corporate reputation.
Some sectors will be more affected than others during 2021, as cybercriminals always attack easy targets first. Opportunities to generate maximum ROI are the priority, so as consumers continue their lives online, industries such as retail and gaming could be under intense pressure, especially if new applications containing vulnerabilities are released.
That means that malicious actors will continue to direct their attacks towards the perceived weakest links such as teleworkers and remote work infrastructure.
Phishing has been present for the past decade and COVID-19 themed lures are expected to continue. As discovered last year, many remote workers could be making criminals’ work much easier through risky behaviors such as uploading corporate data to the cloud without security, using non-work-specific apps and using potentially unprotected personal devices to work.
We need to be more alert in 2021 because there are signs that the cybercrime community is gaining more and more capabilities to use APT-style tactics to steal data and deploy ransomware. This is why it is also important to maintain strict information access controls and finally focus efforts on managing and patching workloads.
Daniela Alvarez de Lugo, General Manager for Kaspersky’s NOLA region
2020 was an unusual year as it was marked by the pandemic, which led to both work and study moving home, and video conferences replacing social and business meetings. This massive shift to online life increased cybersecurity concerns, for while cybercriminals did not invent any new ruse during this time, they did actively exploit the COVID-19 theme as bait for their malicious campaigns, a trend that will clearly continue during 2021.
The different types of phishing pages distributed around the world, in addition to spam emails, have seen recipients who are invited to receive a vaccine, participate in a survey or answer a questionnaire to diagnose the COVID-19 virus. These are just some of the ways cybercriminals adapt their attacks according to the situation being lived locally, regionally or globally.
Likewise, attackers have actively leveraged the growing interest in online entertainment, to lure users to fake sites and persuade them to download malicious programs disguised as a movie or installation file. A total of 61% of users surveyed admitted to downloading software from torrent sites, 65% used these sites for music and 66% for movies.
On the other hand, as many workers are working virtually, the number of remote access attacks increased. One reason is because, in the office, IT administrators are responsible for keeping enterprise connections and networks secure, but when their colleagues have to set up their own devices and networks, they can expose vulnerabilities that are exploited by cybercriminals.
In this sense, cybercriminals significantly increased attacks against Remote Desktop Protocol (RDP) compared to the pre-pandemic period. In Colombia’s specific case, 91.6 million such attacks were recorded last year. The action of attackers is to test different usernames and passwords until they find the right combination to access corporate resources.
The reality is that cybercriminals have not changed their behavior, they simply take advantage of a situation and see the opportunity to trick users into obtaining personal information or their money.
That’s why it’s imperative that people have a basic understanding of cybersecurity and understand the consequences that their bad online habits can have, because day after day we see more online attacks, and although they employ familiar techniques, unfortunately they remain effective.
Edilson Cantadore, Sales Engineer for Latin America, SonicWall
Today we live in a completely different world than we did a year ago. Suddenly there are new problems to challenge ourselves at a speed we weren’t used to.
When we look at the various sources of information available on cyberattacks in this new environment, it is clear that this strategic change in direction from digital criminals has seen them abandon mass attacks in favor of much more targeted ones. It’s clear this is for the simple reason that this leads to better results.
Through relentless searches for potential vulnerabilities and the consequent discovery of multiple gateways, cybercriminals create specialized attacks on these targets that have proven to be much more effective and cost-effective in all aspects.
Even so, we see greater exposure of access devices caused by the migration of the workforce to the remote home environment, which thus presents enormous opportunities for a single element of this universe to be violated and, consequently, used as access to corporate networks, without any protection against this new ‘internal enemy’ that until then existed in an infinitely smaller volume.
We have a wide universe of devices of all kinds, which no longer undergo the same centralized management and monitoring of corporations but are now also exposed to violations and failures of home networks that quickly integrated into corporate infrastructure in response to the urgent demand for business.
Cybercriminals realized that as quickly as we are at the forefront of combating these actions and developing a new way of acting, their danger is increasing in proportion to these new arrangements. And the question we have is: How do we protect ourselves from something we don’t yet know about?
In this challenging environment, knowledge is the key to success. Here are three simple protective tips:
- Understand the challenges, accept that the opponent is strong and prepared, and then develop protection strategies that not only identify potential threats and their strategies, but also how to proactively act on identifying these new vectors.
- Understand your business, the interdependence of computational resources, key points of interconnection and exposure, and then add to it all the knowledge about threats that is available and at your fingertips.
- Recognize the probability of failure that is inherent in each system we develop; accept that this probability is relentlessly exploited by cybercriminals and, in the best possible way, apply the various tools and technologies that we have mastered and that we can use for our benefit.
In conclusion, accepting that there is no magic formula that solves all problems is fundamental, because our opponent does.