
A new report by Sophos has revealed that in 76 per cent of ransomware attacks against surveyed organisations, adversaries succeeded in encrypting data. According to the State of Ransomware 2023 report, this is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020. The survey, according to Africa Business Communities, also shows that when organisations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organisations that used backups to get data back).
Moreover, paying the ransom usually meant longer recovery times, with 45 per cent of those organisations that used backups recovering within a week, compared to 39 per cent of those that paid the ransom. Overall, 66 per cent of the organisations surveyed were attacked by ransomware, the same percentage as the previous year. This suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks. “Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski. When analysing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 36% of cases), followed by compromised credentials (involved in 29% of cases).
This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders. In 30 per cent of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace. The education sector reported the highest level of ransomware attacks, with 79 per cent of higher education organisations surveyed and 80 per cent of lower education organisations surveyed reporting that they were victims of ransomware. Overall, 46 per cent of organisations surveyed that had their data encrypted paid the ransom.
However, larger organisations were far more likely to pay. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments. “With two thirds of organisations reporting that they have been victimised by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and time to respond.