Paying a ransom doubles recovery costs and 50 percent of the organizations surveyed in Austria were affected by ransomware

Sophos is today publishing the new global study “State of Ransomware 2023”, according to which cybercriminals in Austria succeed in encrypting data in 96 percent (76 percent internationally) of ransomware attacks on organizations. From an international perspective, it is the highest rate of data encryption by ransomware since Sophos first published its annual ransomware report in 2020.

Mimikama Note: What exactly is ransomware?
Ransomware is like a nasty computer virus that “hijacks” the information on your computer and demands money to give it back to you.

From a global perspective, the survey shows that companies that paid ransoms to decrypt their data additionally doubled their recovery costs ($750,000 in recovery costs versus $375,000 for companies that used backups to restore data). Additionally, paying the ransom typically means longer recovery time: 45 percent of companies that used backups were able to restore data within a week, compared to 39 percent of companies that paid the ransom.

State of Ransomware 2023: Data encryption by ransomware reaches the highest level

Data encryption by malware reaches the highest level
Data encryption by malware reaches the highest level

Overall, 50 percent of the companies surveyed in Austria (66 percent internationally) were attacked by ransomware. This suggests that the number of ransomware attacks has remained consistently high despite the supposed decline during the pandemic years.

“Encryption rates have rebounded to very high levels after a temporary decline during the pandemic, which is concerning. “Ransomware criminals have refined their attack methods and accelerated their attacks to reduce the time in which defenders could thwart their plans,” says Chester Wisniewski, Field CTO, Sophos, summarizing the study results.

“The cost of incidents increases significantly when ransoms are paid. Most victims will not be able to recover all of their files by simply purchasing the encryption keys; you also have to import backups. Paying ransoms not only enriches the criminals, but also slows down the response to the incident and increases costs in an already devastating situation,” continues Wisniewski.

When analyzing the cause of ransomware attacks, the most common starting points were an exploited vulnerability 26 percent (international 36 percent) and compromised access data 38 percent (international 29 percent). This aligns with recent incident response findings from Sophos’ “ 2023 Active Adversary Report for Business Leaders ” on on-site incident response.

Other important results of the study


  • In 27 percent of ransomware cases with data encryption in Austria, the attackers also stole data. This suggests that this “double dip” method (data encryption and data exfiltration) is becoming more common.
  • Internationally, the education sector reports the most ransomware attacks: 79 percent of higher education organizations surveyed and 80 percent of lower education organizations surveyed said they had been victims of ransomware.
  • Overall, 42 percent (46 percent internationally) of the organizations surveyed in Austria whose data was encrypted paid a ransom and received data back. However, from an international perspective, ransom payments were much more common among larger organizations. More than half of companies with revenues of $500 million or more paid the ransom, with the highest rate reported by companies with revenues over $5 billion. This could be in part because larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments.

“Two-thirds of companies say they have fallen victim to ransomware for the second year in a row. The key to reducing this risk is to dramatically reduce both time to detection and time to response. Human-led threat hunting is very effective at stopping these criminals, but the alerts need to be investigated and the criminals removed from systems within hours, not weeks and months. Experienced analysts can identify the patterns of an active intrusion within minutes and take immediate action. This is likely the difference between the third of companies that remain secure and the two-thirds that are not secure. Organizations need to be on alert 24/7 to build effective defenses today,” said Wisniewski.

Three tips from Sophos to protect against ransomware and other cyberattacks


  1. Strengthening defensive shields by:
    • Security tools that block the most common attack vectors. These should include endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities and include Zero Trust Network Access (ZTNA) to thwart the misuse of compromised credentials.
    • Adaptive technologies that automatically respond to attacks, disrupting attackers and giving defenders time to respond
    • 24/7 threat detection, investigation and response. Either internally or through a specialist Managed Detection and Response (MDR) provider
  2. Optimize attack preparation, including regular backups, testing to restore data from backups, and maintaining an up-to-date incident response plan
  3. Maintain good security hygiene, including timely patches and regular review of security tool configurations

About the Study : The State of Ransomware 2023 study data comes from a vendor-independent survey of 3,000 cybersecurity/IT executives conducted between January and March 2023. Respondents come from 14 countries across the Americas, EMEA and Asia Pacific. The companies interviewed employ between 100 and 5,000 people and generate sales between less than 10 million and more than 5 billion US dollars.

The Sophos study “ State of Ransomware 2023 ” is available for download at sophos.com.

In line with this topic:


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )