Sophos has released its 2022 ransomware report, based on the real-world experiences of IT professionals last year across mid-sized organizations in 31 different countries. The study concluded that the number of attacks is up, with increasing complexity and impact. About 2/3 of the organizations involved in the study indicated that they were hit by ransomware in 2021, which represents an increase of 78% over the previous year.

Ransomware works by encrypting a company’s data so that the company cannot access it until it pays the ransom. The success rate of these attacks increased: 65% of organizations had their data encrypted as a direct consequence of the attacks, up from 54% in the previous year. Lastly, 4% of the victims experienced an extortion-only attack, where data was not encrypted but there was a threat to expose the data publicly.

Organizations have also gotten better at restoring data after an attack: 99% of the organizations stated that they were able to get some of the encrypted data back, and having backups was the primary method used to restore data. Despite that, 46% of the respondents reported having paid the ransom to restore data, indicating that “multiple restoration approaches [were used] to maximize the speed and efficacy.” On average, only 61% of the data was restored, and only 4% got all the data back.

Some interesting stats from 2022:
The average ransom payment was $812,360
11% of payments were over $1 million
21% of payments were less than $10,000
Manufacturing & utilities industries indicated having paid the highest amounts
Healthcare & local/state governments indicated paying the lowest amounts
Average time to recover from ransom attacks is about one month.