Ransomware ecosystem: Payments on a rise

The proportion of victims affected by ransomware, whose data was locked by their attackers, rose to 76% in the past year, marking the highest level since Sophos began documenting these patterns, according to the company’s recent announcement.

The Sophos State of Ransomware 2023 

The report was based on surveys conducted in the first quarter of 2023, involving 3,000 leaders in the fields of cybersecurity and IT. The participating organizations were situated in 14 countries and had workforces ranging from 100 to 5,000 employees. Their revenue varied from under $10 million to over $5 billion.

The rate of data encryption in 2022 is the highest since the report series began in 2020, when it stood at 73%. Sophos argues that this trend signifies the advancing expertise of adversaries who persistently innovate and refine their methods.

  • The sole exception to this trend was observed in the IT, technology, and telecoms sector, where the encryption rate was only 47%.
  • In approximately 30% of cases where data was encrypted, that data was also stolen, often as part of double extortion attacks. Victims were extorted without their data being encrypted in a mere 3% of incidents.

Note: Interestingly, those who opt to pay the extortionists face double the recovery costs, with an average expense of $375,000 for those relying on backups, compared to $750,000 for those who pay the ransom. Furthermore, paying the ransom also risks prolonging the recovery process. 

  • Sophos reported that 45% of organizations utilizing backups could recover within a week, while only 39% of those who paid the ransom achieved the same result.

Source: Sophos

  • Around 46% of victims whose data was encrypted chose to pay the ransom, with this percentage rising to over 50% for wealthier businesses, which are more likely to hold dedicated cyber-insurance policies.
  • These findings contradict the results of blockchain analysis, which indicated a 40% decrease in the total value of ransomware payments in 2022 compared to the previous year. They also challenge a February report by Trend Micro, which estimated that only 10% of victims give in to their extortionists’ demands.
  • Sophos contends that the rate of ransomware victimization was unchanged in 2022, staying at 66% as in the previous year.

Root causes of ransomware attacks (Sophos)

What does the company think?

Chester Wisniewski, Sophos’ field CTO, emphasized the importance of swiftly detecting and responding to threats to reduce these numbers. Wisniewski explained:

“Human-led threat hunting is highly effective in halting these criminals, but it requires prompt investigation of alerts and swift eviction of intruders from systems, ideally within hours or days rather than weeks or months.”

He further emphasized the significance of continuous vigilance by organizations to mount an effective defense in today’s threat landscape, noting that experienced analysts can identify the signs of an ongoing intrusion within minutes and take immediate action. Such proactive measures likely account for the difference between the one-third of organizations that successfully evade attacks and the two-thirds that do not.

Trend Micro analysis

According to Trend Micro, visual representations of the financial transactions associated with ransomware data proved highly beneficial for analysis. For instance, examining ransomware payments often reveals a pattern of funds flowing through various mixing services, which ransomware actors use to complicate tracing of their activities.

  • Employing statistical visualizations of leak data timelines can unveil interesting dynamics within a ransomware group. Some groups exhibit high activity levels, while others experience lower volumes or periods of inactivity.
  • It is most advantageous to rely initially on a single data source, such as detection metrics, to visualize the activity of a ransomware group and establish a foundational level of information.
  • Trend Micro found that graph visualizations and analysis were most suitable for illustrating intricate relationships between different entities, while charts proved more effective for detecting anomalies and outliers and for statistical and trend analysis.

Concluding thoughts

The yearly examination conducted by Sophos investigates the practical encounters of IT and cybersecurity leaders with ransomware and presents a comprehensive understanding of the challenges confronting organizations in 2023. 

The study uncovers the prevailing origins of attacks and provides fresh insights into the variations in ransomware experiences based on corporate earnings. The report discloses the effects on business and operations when paying the ransom for data recovery instead of relying on backups.

So backup and cheer up!

Author: PureVPN

Date: May 11, 2023
