Ransomware Is Back in Full Force
After threat actors have used an attack method for several years, you expect herd immunity to develop once enough companies enact effective measures. The implementation of P2PE mostly ended card-present payment card attacks. We thought MFA might do the same for email account access incidents (not yet). Ransomware began to emerge in 2018 (our average ransom paid was $28,000 then). After five years, widespread immunity is not in sight. Wide deployment of an effective EDR tool that is set to high enforcement mode, with active monitoring and the anti-uninstall feature enabled, is the primary differentiator between companies that get encrypted and those that do not. Even if you do not stop the data theft/encryption combo from occurring, having available backups to restore from reduces the overall impact.
As the number of vulnerable companies in the herd thins (because they improved on their own, they improved after suffering a ransomware attack, or they improved to get through underwriting for cyber insurance), the remaining companies may be even more vulnerable. In 2022, we saw increases in average ransom demands, average ransom payments, and average recovery times in most industries. The lull in ransomware that marked the start of the year is over. Ransomware groups have resumed attacks, and organizations must redouble their efforts to defend themselves against increasing attacks.
A Slow Start but a Strong Finish
Ransomware matters slowed in the first half of 2022, with many attributing the slowdown to the war between Russia and Ukraine. Ransomware returned with a vengeance near the end of the year, however, and the pace has only continued to increase in 2023.
Recovery Times Increase Significantly
The average time to recover from a ransomware incident increased in almost every industry and, in most cases, significantly. Average recovery times in some industries were over a week longer than in 2021. The retail, restaurant and hospitality industry was particularly hard hit, with average recovery times increasing from 7.8 days in 2021 to 14.9 days in 2022, a 91% increase. However, it wasn't alone: the healthcare; energy and technology; and government industry segments also saw notable increases, at 69%, 54%, and 46%, respectively.
Ransom Demands and Payments Increase
Average ransom demands and payments increased in 2022. The average ransom demand increased in six of the eight industries we tracked.
Average Ransom Payment: