Ransomware attacks are getting much better at encrypting data

ransomware avast
(Image credit: Avast)

Ransomware operators are getting better at encrypting data during attacks, causing extra headaches for the IT teams trying to parry the attack, a new report has claimed. 

The Sophos state of ransomware 2023 report, based on a vendor-agnostic survey of 3,000 cybersecurity and IT leaders,found in three-quarters (76%) of ransomware attacks, threat actors managed to encrypt the data - the highest percentage since Sophos started tracking the metric three years ago.

High recovery costs for those that pay

The report also gives another reason why businesses should refrain from paying the ransom. Those that did doubled their recovery costs - $750,000, versus $375,000 for those that merely used their backups. Furthermore, it takes longer to recover the files with the decryptor. Almost half (45%) of organizations using backups recovered within a week, compared to two in five (39%) of those that paid up. 

Sophos also warns that despite other reports out there stating otherwise, the number of ransomware attacks isn’t dwindling - it’s plateauing. This year, 66% of surveyed firms reported being attacked by ransomware, the same as last year. 

“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes," said Chester Wisniewski, field CTO, Sophos.

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.

Sophos’ report also claims that system vulnerabilities are most commonly used to launch ransomware attacks (36%), and not compromised credentials (29%), showing the importance of keeping software and hardware updated.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.