A highly varied picture of cybersecurity has emerged from Sophos' latest State of Ransomware report this month. By talking to victims, Sophos found that over half had been hit by a ransomware attack in the last year.
The criminals succeeded in encrypting the data in 73% of these attacks. Some 26% of ransomware victims whose data was encrypted got their data back by paying the ransom. A further 1% paid the ransom but didn’t get their data back. 94% of organizations whose data was encrypted got it back. More than twice as many got it back via backups (56%) than by paying the ransom (26%).
When it comes to paying the ransom, Sophos sees some noticeable regional variations. In India, two out of three (66%) paid the ransom to get the data back, while 29% used backups. Conversely, in Spain just 4% paid the ransom while 72% restored the data from backups.
One in five organizations has a major hole in their cybersecurity insurance. 84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware. For those organizations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.
And it doesn’t matter where the data is held, but the most successful ransomware attacks include data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cybercriminals are targeting data wherever it is stored.
Sophos asked the organizations that said they had been hit by ransomware in the last year how the attack got into their organization. File download/email with malicious attachments topped the list, accounting for 29% of attacks. Second was remote attacks on servers, accounting for 21% of attacks. What really stands out is that there is no single main attack vector. Rather, attackers use a range of techniques and get in through whichever defence has a weakness. When one technique fails, they move on to the next until they find a weak spot. This data demonstrates the need for an effective layered defence that covers your endpoints, servers, public cloud instances, email, network gateway, and supply chain. Just focusing on a single technology is a recipe for infection, says Sophos.