Business, News, Security

Sophos ransomware report says 51% of SA companies hit by attack in 2021

Robin-Leigh Chetty

9th May 2022

It is no secret that the pandemic has seen ransomware take centre stage in terms of security concerns for many companies, but the latest State of Ransomware Report from cybersecurity experts Sophos shows that it is plaguing South African companies in particular.

According to the report, which surveyed 5 600 IT decision makers in 31 countries, including South Africa, regarding the cybersecurity elements they encountered throughout 2021, an estimated 51 percent of organisations in SA were hit by an attack last year.

Added to this, roughly half (49 percent) of local companies hit by an attack ended up paying the ransom, despite many of them having counter measures in place such as encrypted data or full backups available.

This, however, is not a behaviour limited to SA alone according to the results of the survey, with

“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible,” notes Chester Wisniewski, principal research scientist at Sophos.

While there may indeed be effective measures in place to cope with a ransomware attack, it looks like uncertainty and potential downtime are often too great a risk to handle for many organisations.

This as the global average cost to recover from the most recent ransomware attack in 2021 was $710 000, Sophos highlights. Added to this is the fact that it takes on average one month to recover from the damage and disruption.

To that end 95 percent of organisations surveyed said the attack had impacted their ability to operate and 92 percent of victims said they had lost business and/or revenue because of the attack.

“Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack,” adds Wisniewski.

With ransomware now widespread, coupled with its success for criminals and mounting costs for companies like the need for cyber insurance, the outlook only looks to be getting worse.

“In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack.”

“Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit,” he concludes.

You can read the full State of Ransomware 2022 Report here.

[Image – CC 0 Pixabay]

About Author

Robin-Leigh Chetty

Editor of Hypertext. Covers smartphones, IoT, 5G, cloud computing and a few things in between. Also a keen photographer and dabbles in console games when not taking the hatchet to stories.