"State of Ransomware 2022" study
The latest study "The State of Ransomware 2022" once again provides a detailed overview of ransomware developments in recent months. The report shows that 67% of the companies surveyed in Germany (globally 66%) were affected by ransomware in 2021, compared to only 46% in 2020. The average ransom paid by German companies whose data was encrypted in their largest ransomware attack almost doubled to 253,160 euros. After no companies from Germany paid a ransom of EUR 925,789 (USD 1 million) or more in the previous year's survey, this figure jumped to 9% in the latest survey (globally 11%). Also shocking: 42% (globally 46%) of the German companies whose data had been encrypted paid the ransom to get their data back, even if they had other means of data recovery, e.g. The report summarises the impact of ransomware on 5,600 SMEs in 31 countries across Europe, North and South America, Asia-Pacific and Central Asia, the Middle East and Africa, with 965 companies internationally (56 in Germany) providing specific information on ransomware payments.
"In addition to escalating payments, the survey also shows that the proportion of victims willing to pay continues to rise, even if they have other options available to them," said Chester Wisniewski, Principal Research Scientist at Sophos. "There could be several reasons for this, such as incomplete backups or preventing the publication of stolen data on a public leaks site. After a ransomware attack, there is often a lot of pressure to resume operations as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process. Therefore, it is seemingly tempting to pay a ransom for data decryption because it seems like a quick option. However, this approach comes with high risks. Companies do not know what the attackers may have done in the network besides the ransomware attack, for example, installed backdoors for future attacks or copied passwords. If companies do not clean up the recovered data thoroughly, in the worst case they will end up with potentially malicious programmes still on their network and may be exposed to another attack."
The key findings of the "State of Ransomware 2022" study at a glance:
- Higher ransom payments: In 2021, 9% (globally 11%) of German companies reported that they paid a ransom of EUR 925,789 (USD 1 million) or more. In 2020, no German company paid a ransom of more than EUR 925,789 (globally 3%). The proportion of German companies that paid less than EUR 9,257 (USD 10,000) has fallen from 35% in 2020 to 13%.
- More victims paying ransom: In 2021, 42% (globally 46%) of German companies whose data was encrypted by a ransomware attack paid the ransom. From a global perspective, 26% of the companies that recovered encrypted data using backups in 2021 also paid the ransom.
- The impact of a ransomware attack can be immense: The average cost of recovery from a ransomware attack in 2021 was EUR 1,601,615 for German companies (globally USD 1.4 million / EUR 1,296,105). It took an average of one month to repair the damage and the business interruption. 92% (globally 90%) of German companies said the attack had affected their ability to operate, and 84% of victims said they had suffered business and/or revenue losses due to the attack.
- Many businesses rely on cyber insurance to help them recover from a ransomware attack: In Germany, 80% (globally 83%) of the companies surveyed had cyber insurance to cover them in the event of a ransomware attack. In 98% of the German incidents, the insurer paid some or all of the costs incurred, but only in 41% was the entire ransom demand covered.
- The requirements for cyber insurance are becoming more complex: 94% of those who have taken out cyber insurance said that their experience of taking out cyber insurance had changed in the last twelve months. This perception is expressed primarily through higher requirements for cyber security measures, more complex or expensive policies, and fewer companies offering insurance coverage.
"The findings suggest that we may have reached a peak in the development of ransomware, where the attackers' greed for ever-higher ransom payments has met head-on with a hardening of the cyber insurance market. Insurers are increasingly seeking to reduce their ransomware risk and exposure," says Wisniewski. "In recent years, it has become increasingly easy for cybercriminals to use ransomware, as almost everything is available as a service. In addition, many cyber insurance providers have introduced a wide range of recovery costs due to ransomware, including the ransom, which has likely contributed to ever higher ransom demands. The findings also suggest that the conditions for cyber insurance will become tougher and that the victims of ransomware may be less willing or less able to pay extremely high ransoms. Unfortunately, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as other, more crafted cyberattacks. Therefore, any ransomware is a worthwhile asset and cybercriminals will continue to seek out the easy targets."