Sophos’ State of Ransomware 2020 revealed that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. The total cost of recovery almost doubles when organizations pay a ransom.
More than half (52%) of organizations in Asia Pacific and Japan (APAC) had experienced a ransomware attack in the previous 12 months. Data was encrypted in 81% of attacks that successfully breached an organization in APAC.
The average global cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, is US$730,000. This average cost rose to US$1.4 million, almost twice as much, when organizations paid the ransom. Close to one half (40%) of organizations hit by ransomware in APAC admitted paying the ransom.
“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos.
Less than half (45%) the IT managers surveyed in APAC were able to recover their data from backups without paying the ransom. In a very small minority of cases (1%), paying the ransom did not lead to the recovery of data.
At a global level, for 5% of public sector organizations, paying the ransom did not lead to the recovery of data. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% of all organisations globally.
However, contrary to popular belief, the public sector was least affected by ransomware globally, with just 45% of the organizations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.
Attackers increase pressure to pay