Remediating a ransomware attack in SA costs billions - Sophos report
The report reveals the following about ransomware attacks in South Africa:
- 24% of respondents from South Africa had experienced a ransomware attack in the last 12 months – the same proportion as the year before.
- Fewer organisations had data encrypted as the result of a significant ransomware attack: 44% in 2021, compared to 56% in 2020.
- The average cost of remediating a ransomware attack in South Africa was $447,097 (R6.4bn).
- 42% of respondents from South Africa that weren’t hit by ransomware in the last 12 months but expect to be hit in the future believe that ransomware attacks are getting increasingly hard to stop due to their sophistication.
- 31% of respondents from South Africa that weren’t hit by ransomware in the last 12 months but expect to be hit in the future say it is hard to stop their users from compromising the organisation’s security.
The average global total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 (R11m) in 2020 to $1.85m (R27m) in 2021. The average ransom paid is $170,404 (R2m).
The global findings also show that only 8% of organisations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.
Sophos said the following: "While the number of organisations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organisations suffered data encryption as the result of a significant attack - 54% in 2021 compared to 73% in 2020, the new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack."
The main findings of the State of Ransomware 2021 global survey include:
- $3.2m (R46m) was the highest ransom paid among those surveyed; the most common payment was $10,000 (R143k). Ten organisations paid ransoms of $1m (R14m) or more.
- The number of organisations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data.
“Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data,” said Chester Wisniewski, a principal research scientist.
“Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more. Further, the definition of what constitutes a ‘ransomware’ attack is evolving. For a small, but significant minority of respondents, the attacks involved payment demands without data encryption.
"This could be because they had anti-ransomware technologies in place to block the encryption stage or because the attackers simply chose not to encrypt the data. It is likely that the attackers were demanding payment in return for not leaking stolen information online. A recent example of this approach involved the Clop ransomware gang and a known financially motivated threat actor hitting around a dozen alleged victims with extortion-only attacks," Wisniewski added.