An annual study of the real-world ransomware experiences of IT/cybersecurity leaders makes clear the realities facing organizations in 2023
The Sophos 2023 research report on ransomware reveals the most common root causes of ransomware attacks and shines new light on how experiences differ based on organization revenue. The report also reveals the business and operational impact of paying the ransom to recover data rather than using backups.
About the Sophos Survey
Sophos commissioned an independent, vendor-agnostic survey of 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees across 14 countries in the Americas, EMEA, and Asia Pacific. The survey was conducted between January and March 2023, and respondents were asked to respond based on their experiences over the previous year.
Root Causes of Ransomware Attacks
Survey respondents reported that an exploited vulnerability was the most common root cause of ransomware attacks (36%), followed by compromised credentials (29%). These findings align almost exactly with Sophos’ latest retrospective analysis of 152 attacks that their Incident Response and Managed Detection and Response (MDR) teams were brought in to remediate, where 37% started with an exploited vulnerability and 30% with compromised credentials.
Emails were the root cause of 30% (with rounding) of attacks: 18% started with a malicious email and 13% with phishing. Approximately 3% began with a brute force attack and just 1% with a download.
In 30% of ransomware attacks where data was encrypted, that data was also stolen. This “double dip” approach by adversaries is becoming increasingly commonplace as they look to increase their ability to monetize attacks. The threat of making stolen data public can be used to extort payments and the data can also be sold. The high frequency of data theft increases the importance of stopping attacks as early as possible before information can be exfiltrated.
2023 Ransomware Stats
- The average ransom payment was $1,542,333
- 40% of payments were $1 million or more (compared to 11% in 2022)
- In 30% of ransomware attacks where data was encrypted, data was also stolen
- 66% of organizations were hit by ransomware
- The average time to recover from ransomware attacks is about one month
The full 2023 State of Ransomware report can be found here