The State of Ransomware 2023

By - Lewis
17.10.23 08:05 AM


Findings from an independent, vendor-agnostic survey of 3,000 IT/cyber-security leaders in mid-sized organisations across 14 countries, conducted in January and early February 2023.

What is Ransomware?

Ransomware is a type of malicious software that, if installed, can stop you from gaining access to your systems and will then demand that you pay the perpetrator to regain access – in other words, it will hold your systems to ransom. 


Ransomware can come in many shapes and sizes - below are a few of the most common types to be aware of, but if you'd rather get straight to finding out how to protect yourself and your company, skip to the takeaway actions.


  • Crypto ransomware, also known as "encryptors", is one of the most common and dangerous types. This kind encrypts files and data, rendering the material useless without the decryption key. Unlike the other types below, crypto ransomware may infiltrate your systems in several different ways. 
  • Phishing refers to one of the methods by which ransomware may make its way into your system. It occurs when a malicious email, which may appear at first to be authentic, is opened and the links within are clicked on. Unfortunately, opening these anything-but-friendly emails will allow the ransomware to be downloaded onto your device. Once in, the ransomware can exploit the security flaws in your device and take control of your systems.
  • Scareware may often appear as a security software pop-up, warning you that malware has been identified and that the only way to remove it is to pay. However, despite the name, there is often nothing to be afraid of: attackers are merely bluffing to coerce you into paying, while your files remain secure.
  • Doxware or Leakware refers to when an attacker threatens to release sensitive data online. Although the threat may not always be legitimate, most individuals panic and pay the requested ransom.
  • Lockers refers to when a pop-up emerges requesting a ransom and the user is totally locked out of their computer. Most pop-ups make the user feel like they are in the wrong and will often display timers to pressure you into paying quickly, without giving you the opportunity to report or resolve the attack instead.

Ransomware Documentary

A gripping documentary, produced by Sophos, delves into the alarming realities of ransomware, revealing the far-reaching consequences that affect both business owners and society at large.

Episode 1: Origins of Cybercrime
Understand the history of cybercrime and ransomware as told by cybersecurity professionals, ransomware victims, and law enforcement officials.

Episode 2: Hunters and Hunted
Get a glimpse into the minds of current and former hackers as well as individuals who have been directly affected by ransomware attacks.

Episode 3: Weapons and Warriors
Explore the vulnerabilities of advanced digital infrastructure and the tools available to combat the growing threat of ransomware.

The Prevalence of Attacks and Data Recovery After an Attack

The study revealed that today’s reality is a two-speed cybersecurity system with adversaries and defenders moving at different speeds. Through automation, cybercrime “as-a-service” models, stealthy impersonation, and adaptation, adversaries are accelerating and can now execute a wide range of sophisticated attacks at scale. With 94% of organisations experiencing a cyberattack of some form in the last year, all companies – regardless of size or revenue – should assume they will be a target in 2023.

  • 94% of organisations experienced a cyberattack of some form in the last year - a 16% increase over the previous year
  • 46% paid an excessive ransom to get data back
  • 61% of data was restored, after paying the ransom
  • 4% that paid the ransom got all their data back
  • #1 method used to restore data was backups

Ransom Payments

965 respondents whose organisation paid the ransom shared the exact amount, revealing that average ransom payments have increased considerably over the last year.

Business Impact

The urgent and unpredictable nature of cybersecurity also gets in the way of business-focused efforts: 64%, on average, wish the IT team could spend more time on strategic issues and less time on firefighting. Again, as revenue increases, so does the impact on wider program delivery.

  • 64% of attacks impacted their ability to operate
  • 86% of attacks caused loss of business/revenue
  • $1.4m average cost to remediate an attack
  • 1 month average time to recover from attack

Takeaway Actions

Addressing the situation requires a straightforward three-step approach: implement a more scalable incident response process that accelerates response time; leverage adaptive defenses to slow down adversaries; and create a virtuous cycle that improves protection and lowers cost.

A “Shields Up” analogy is useful here. Stopping advanced, persistent adversaries requires organisations to optimise the efficacy of their defenses (“shields”), including context-sensitive technologies that can elevate the level of protection in proportion to the situation. Crucially, they also need to use the time that their defenses buy them to apply human expertise to address the root cause.

Optimise Prevention

Stop attacks at the earliest possible point to minimise impact.

Reduce Exposure

Minimize opportunities for adversaries to exploit weaknesses in security.

Disrupt Attackers

Buy time to respond in the event of an advanced human-led attack.

We can help you

Ostratto provides the services and technologies that enable businesses to accelerate the defender flywheel and move ahead of adversaries. The products we implement defend over 550,000 organisations against the most advanced threats that exist for all organisations today.
    1. Optimize prevention: Intercept X blocks 99.98% of threats automatically out of the gate, minimising risk and enabling defenders to focus on fewer incidents that require human intervention.
    2. Reduce exposure: Optimal protection settings are deployed automatically from day one, eliminating security gaps. Built-in Account Health Checks highlight missing software and configuration issues that can lead to avoidable infections.
    3. Disrupt adversaries: Adaptive Active Adversary Protection immediately activates heightened defenses when a “hands-on-keyboard” endpoint intrusion is detected, frustrating attackers and buying defenders time to respond.

Wherever your organisation is right now, and where it wants to be in the future, we can help you accelerate your defender flywheel and move ahead of today’s advanced adversaries. For more information, view our security products or speak with a security advisor today.