SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware recovery costs increase as businesses are hit hard
Fri, 7th May 2021
FYI, this story is more than a year old

Average ransomware recovery cost in Asia Pacific and Japan (APJ) has increased from US$1.16 million to US$2.34 million, more than doubling in one year.

This is according to the new Sophos The State of Ransomware 2021 report.

The report finds that the average ransom paid by organisations in APJ is US$123,634.

While US$3.2 million was the highest amount paid out of those surveyed globally, the most common payment was US$10,000.

The findings also show that only 5% of APJ organisations managed to get back all of their data after paying a ransom, with 19% getting back no more than half of their data.

The proportion of APJ organisations that paid the ransom remained the same year on year at 39%.

According to the survey, the number of organisations in APJ that experienced a ransomware attack fell from 53% of respondents surveyed in 2020 to 39% in 2021.

In addition, fewer organisations suffered data encryption as the result of a significant attack (68% in 2021 compared to 81% in 2020).

The survey also highlighted that businesses are seeking outside help.

In fact, around two thirds (65%) of APJ respondents believe cyber attacks are now too advanced for their IT team to handle on their own.

Sophos principal research scientist Chester Wisniewski says, recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data.

He says, whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more.

Further, the definition of what constitutes a ransomware attack is evolving.

Wisniewski says it is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks.

Wisniewski continues, “The apparent decline in the number of organisations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviours.

"We've seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking.

"While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher.

"Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.

Wisniewski says, “The findings confirm the brutal truth that when it comes to ransomware, it doesn't pay to pay. Despite more organisations opting to pay a ransom, only a tiny minority of those who paid got back all their data.

"This could be in part because using decryption keys to recover information can be complicated. What's more, there's no guarantee of success.

"For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.

According to Sophos, there are certain steps businesses can take to mitigate threats.

This includes, assume you will be hit, make backups and keep a copy offline, deploy layered protection, combine human experts and anti-ransomware technology, don't pay the ransom, and have a malware recovery plan.