Remediating a ransomware attack in SA costs billions - Sophos reportIT security company Sophos has released its State of Ransomware 2021 global report, which includes stats for South Africa. The survey was conducted by Vanson Bourne in January and February 2021. The survey interviewed 5,400 IT decision-makers in 30 countries. All respondents were from organisations with between 100 and 5000 employees. Photo by Soumil Kumar from Pexels The report reveals the following about ransomware attacks in South Africa:
The average global total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 (R11m) in 2020 to $1.85m (R27m) in 2021. The average ransom paid is $170,404 (R2m). The global findings also show that only 8% of organisations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data. Sophos said the following: "While the number of organisations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organisations suffered data encryption as the result of a significant attack - 54% in 2021 compared to 73% in 2020, the new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack." The main findings of the State of Ransomware 2021 global survey include:
Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data,” said Chester Wisniewski, a principal research scientist. “Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more. Further, the definition of what constitutes a ‘ransomware’ attack is evolving. For a small, but significant minority of respondents, the attacks involved payment demands without data encryption. "This could be because they had anti-ransomware technologies in place to block the encryption stage or because the attackers simply chose not to encrypt the data. It is likely that the attackers were demanding payment in return for not leaking stolen information online. A recent example of this approach involved the Clop ransomware gang and a known financially motivated threat actor hitting around a dozen alleged victims with extortion-only attacks," Wisniewski added. |