- Threat actors encrypted data in three in four ransomware attacks last year, the highest rate of data encryption linked to ransomware in at least four years, according to research Sophos released Wednesday.
- Of the 3,000 IT and cybersecurity leaders surveyed across 14 countries, two-thirds of respondents said their organizations were hit by a ransomware attack last year, a repeat of 2022’s figures.
- Organizations in the IT, technology and telecommunications sector prevented or otherwise avoided data encryption during half of all ransomware attacks, the lowest rate of any sector during the last year. Business and professional services organizations experienced data encryption in 92% of all ransomware attacks, the report found.
The increased rate of data encryption during ransomware attacks indicates threat actors are sticking to a defining characteristic while executing ransomware.
Despite some variance in ransomware attack methods — scenarios when threat actors skip encryption and lean more heavily on data theft and extortion — locking up critical data remains the top act carried out by ransomware groups.
The rate of data encryption involved in ransomware attacks is worryingly high, Chester Wisniewski, field CTO for applied research at Sophos, said via email.
“This means that defenders are only able to stop an attack in progress about 1 in 4 times,” Wisniewski said.
When threat actors encrypted data during a ransomware attack last year, they also stole data in almost one-third of incidents, according to Sophos.
Nearly all, or 97%, of organizations that had data encrypted during a ransomware attack ultimately recovered that data. Nearly half of those organizations paid the ransom to recover data, according to Sophos.
In addition to ransom payments organizations incurred costs related to downtime, devices, networks and lost opportunities. Excluding ransoms, organizations reported a mean ransomware recovery cost of $1.8 million during the last year, and 43% of respondents said their organization “lost a lot of business/revenue” as a result of the attack.