Costs associated with ransomware attacks are skyrocketing

Alfonso Maruccia

In context: Sophos has released its latest report on the state of ransomware, surveying thousands of professionals and critical national infrastructure organizations across 14 countries and 15 industries. According to the British security company, file-encrypting threats have become more complex and sophisticated.

According to figures included in the report, ransomware attacks are causing critical national infrastructure (CNI) companies and organizations to pay significantly more than in the past. The median ransom payment rose to $2.54 million last year, which is 41 times larger than the previous year's amount ($62,500).

Payments have been even higher in the first months of 2024, with a median sum of $3.225 million. The report is based on real-world ransomware attacks, Sophos explains, but not all CNI victims were willing to disclose full details about their specific experiences. This suggests that the real situation could be even worse.

IT and tech-related companies are seemingly less willing to pay the ransom, with a median payment of just $330,000. Meanwhile, education-related and federal government organizations have reported the highest average payments at $6.6 million. Costs associated with recovery procedures are skyrocketing as well.

The average cost to replace, repair, and recover data and systems rose to $3 million, with some industries forced to quadruple their expenses to recover from a ransomware infection. Organizations in the oil, gas, energy, and utility sectors had to pay slightly less ($3.12 million) compared to the previous year ($3.17 million), while energy and water CNI companies suffered the largest increase in recovery costs, up to $750,000.

Cyber-criminals seemed particularly fond of targeting companies managing power and water utilities, with 67 percent of these organizations reporting a ransomware attack, compared to a global average of 59 percent. Even after paying a ransom, companies are taking longer to recover from a ransomware infection.

The number of victims requiring more than a month to regain full control of their IT systems rose from 36 percent to 55 percent. Sophos suggests this is a consequence of more sophisticated and complex attacks, which require more extensive recovery work. On a positive note, almost all victims (98 percent) can recover their encrypted data eventually, with law enforcement agencies cooperating with 97 percent of them.

Lastly, Sophos advises that paying ransoms is never in the best interest of ransomware victims. An increasing number of organizations (61 percent) paid a ransom to recover their data, yet paying still lengthened the time they needed to achieve full recovery. Paying ransoms also encourages cyber-criminals to perform more attacks in the future.

US and other countries should make paying any such ransom illegal. That won't stop everyone, but it would stop the federal, educational, audited public companies, etc., which is still substantial. It would also stop insurance companies from paying out, which is part of the ecosystem now. Every one of these payments is essentially a job offering saying "hey we're willing to pay you to hack us."

The feds can use the money to investigate and attempt to prosecute, or, IMO, for important enough infrastructure targets, to turn the matter over to the military.
 
An Acronis True Image back up every 24hrs is the ticket!

That's what I've been using for the past 11 years! I save one of the two backups from True Image to an external hard drive that is never connected to my computer when online. I have already paid for the two 8TB external hard drives and the True Image software, so everything is paid for and has been paid for, going on 7 years now! No recurring bills from an inefficient snooping cloud server company.

People actually back up their personal data to Google Servers! My goodness...
 
Nvidia can double GPU prices while crying about inflation and supply chain issues of infinite duration but the more honest criminals can't charge more?

Everybody's got bills to pay.
 
If every country banned cryptocurrency, this would crater ransom payments. Crypto had a chance and it’s almost exclusively a tool of criminals now. We can’t fix people being pricks but we can at least make it harder for them to commit crimes and get paid.
 

Crypto is traceable, but not easily, plus the crims can spin/wash it, or whatever the term is called, x times.
Their main protection is living in Russia, North Korea etc.

Not going to happen, at least a compromise of no transactions over $500. That allows those who want some openness to crypto; people can still pay for grey services, or get around currency control in their banana republic. Yes they will ask for multiples of $500, but it would be noticed, plus the added benefit of making BS speculation more painful. Probably wouldn't work anyway - just an idea.
 
More times than I would have guessed, they find perpetrators right here at home. At least those people can be prosecuted.

To the ones feeling safe in non-extradition countries, if the target/total harm justifies it, I'm past the point where I'm ready for hardball. Let the diplomats have a quiet discussion about someone is going to pay and we'd all rather it be the scumbags than each other's soldiers, and then kidnap or drone-strike the worst offenders in a noisy enough way so that crooks get the message this is not an entirely safe endeavor. The diplomats on both sides can feign outrage, surprise, denial, etc as they usually do.

The really sticky situation is when it's not ordinary criminals, but actual state actors acting on state instructions. Do I really want to go to war with North Korea over one random small business losing $150,000 to their scam? Probably not. Is it the same story if they shut down 10 ERs and 100 people die? I don't know where the line is, but there is one eventually.
 
I suppose anyone can buy the tools to do it, no matter their country. Young people being ransomed for sex pics and then self-harming is also highly worrying.
There is always a % of the population that don't care; "they are stealing to feed their families" just about never washes. Crims that break into people's homes to steal $200 and do $30,000 of damage think it's funny; they don't care.
Yeah, no easy solutions; does help when those in power seem immoral and corrupt in many countries.
 
As long as people are paying for ransomware, you're actually rewarding the folks who decided to ransom your files or infrastructure. The money you could spend on unlocking your files could be spent in the first place on proper security, training and, more importantly, solid backups.



 
I don't understand how these bigger companies do not have a backup solution that allows them to recover quickly. Is it the classic "I don't want to pay for that" but when they get hit with a ransomware, suddenly there's budget for it?

IT just isn't taken seriously enough until it hits the pockets of the leadership.
 
I hate to burst your bubble, but this will not protect you. A ransomware attack typically sits on your computer for around 56 days in silent mode. Basically undetected and often called a Command and Control Service (C2C). Then, when it gets a signal from a server, it encrypts. In your scenario, all your backups will be infected for the last two months; any attempt to recover will result in the 'backed up C2C service' re-activating.
 
They have backups, but there are two issues: 1. the backups are infected and so the recovery is also infected; and 2. attackers generally don't go for the data, they go for the Identity Store (Okta, Active Directory, etc) - they get admin privileges and then go for the data (exfiltration). So, generally, your data is intact, but you have no way to access it because the attackers have removed all your access rights. So, unless you can recover your Identity Store, backups are useless.
 
I use Macrium Reflect which includes some kind of file system filter driver that protects backup files from being modified and/or deleted by anything other than Macrium Reflect itself. So even if a ransomware attack happened to my own personal machines, I'd be up and running again in... oh, I don't know, a few hours.
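The two backup points raised in the comments above (an implant that sits dormant for weeks before encrypting, so recent backups may carry it; and backup files that must not be silently altered or deleted) can both be checked with a small script. The example below is added here and is not code from Sophos, Acronis, Macrium or the commenters. It assumes a hash manifest is written at backup time and kept with the offline copy, and it uses the commenter's 56-day dwell figure purely as a constructed default; the files, dates and ransom note are constructed sample data. It reports which files in a backup tree were modified, deleted or added since the manifest was written, and which snapshots in a retention schedule predate the dwell window and are therefore candidates for a clean restore.

```python
import hashlib
import json
import tempfile
from datetime import date, timedelta
from pathlib import Path
from typing import Dict, List


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 hex digest."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_manifest(root: Path, expected: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff the tree against a stored manifest: files gone, files whose bytes changed, files that appeared."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(expected) - set(current)),
        "modified": sorted(p for p in expected if p in current and current[p] != expected[p]),
        "added": sorted(set(current) - set(expected)),
    }


def clean_restore_candidates(snapshot_dates: List[date], today: date, dwell_days: int = 56) -> List[str]:
    """Snapshots taken before the assumed dwell window began (ISO dates, oldest first).

    dwell_days is an assumption taken from the forum comment, not a measured figure;
    only snapshots older than it can be presumed free of the dormant implant.
    """
    cutoff = today - timedelta(days=dwell_days)
    return [d.isoformat() for d in sorted(d for d in snapshot_dates if d < cutoff)]


def demo() -> dict:
    """Run the whole flow on constructed sample data in a temp directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "photos").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly figures\n")
        (root / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg stub")

        # Manifest written at backup time; store it with the offline/immutable copy, not beside live data
        manifest_json = json.dumps(build_manifest(root), indent=2)

        # Constructed simulation of the encrypt / delete / drop-a-note pattern on the backup tree
        (root / "docs" / "report.txt").write_bytes(b"\x00\x11\x22 constructed encrypted blob")
        (root / "photos" / "holiday.jpg").unlink()
        (root / "README_DECRYPT.txt").write_text("your files are encrypted\n")

        findings = verify_manifest(root, json.loads(manifest_json))

    # Constructed retention schedules: a week of dailies only, versus a tiered daily/weekly/monthly set
    today = date(2024, 5, 1)
    daily_only = [today - timedelta(days=n) for n in (1, 2, 3, 4, 5, 6, 7)]
    tiered = [today - timedelta(days=n) for n in (1, 7, 14, 30, 60, 90)]
    return {
        "verify": findings,
        "daily_only_candidates": clean_restore_candidates(daily_only, today),
        "tiered_candidates": clean_restore_candidates(tiered, today),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The retention part is the point a daily-backup routine on its own misses: with seven dailies and a 56-day dwell assumption there is no snapshot old enough to trust, whereas the tiered schedule still has the 60- and 90-day copies. The manifest check is what a write-protected backup store is meant to make unnecessary, but verifying it independently at restore time costs almost nothing.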
 