- The prevalence and scope of ransomware exploded in 2021, as two-thirds of mid-sized organizations worldwide were targets and average ransom payouts saw a five-fold increase, according to the State of Ransomware 2022 report from Sophos released Wednesday.
- Ransomware hit 66% of mid-sized organizations last year, up from 37% in 2020. Average ransom payments reached $812,000 during 2021, compared with $170,000 the prior year.
- Among organizations with encrypted data, 46% paid a ransom to adversaries. In addition, 26% of organizations who were able to restore data from backups, still decided to pay a ransom.
As ransomware attacks become more prevalent and threat actors develop more sophisticated attack methods, the toll has increased for targeted organizations.
One in 10 organizations are paying $1 million or more in ransoms, compared with only 4% in 2020, according to the report.
The highest average ransom payments were in manufacturing at $2.04 million, as well as energy and utilities at $2.03 million. The lowest average ransom payments were in healthcare at $197,000 and state/local governments at $214,000.
Among organizations whose data was encrypted, almost half of victims paid a ransom to the adversary, according to the report.
Critical infrastructure providers came under increasing threats from sophisticated and often brazen ransomware attacks in 2021, including the May attack on Colonial Pipeline that led to an initial $4.4 million ransom payment. Meat processing firm JBS USA also faced a major ransomware attack last year, with JBS paying out $11 million to avoid disruption to the food supply.
The study showed ransomware created considerable costs for organizations, however some of the financial impacts have been mitigated.
The average cost of a ransomware attack fell to $1.4 million in 2021, down from $1.85 million in 2020.
U.S. government data showed a rise in ransomware activity in 2021. The Treasury Department reported $590 million in ransomware-related activity in suspicious activity reports during the first half of 2021.
Much of the costs of a ransomware attack are covered by insurance, however insurance coverage is becoming more restrictive in terms of underwriting requirements and coverage.
The Russian invasion of Ukraine has ramped up pressure even more on cybersecurity coverage, as insurers have previously excluded coverage for war-related incidents. However, a recent court decision related to NotPetya allowed Merck to get reimbursed for about $1.4 billion in claims after the insurer initially refused coverage.
A total of 94% of Sophos respondents said obtaining cyber insurance coverage had become more difficult over the past year. As previously reported, the insurance industry has been under tremendous pressure due to the rise in ransomware attacks as well as the prevalence of state-linked threat actors using cyber as a means of asymmetric warfare.
Sophos commissioned a survey by independent research group Vanson Bourne of 5,600 IT professionals in 31 countries across the globe. The survey, completed in January and February, included IT professionals from organizations of between 100-5,000 employees.