The average ransomware payment collected from organisations in Singapore that had data encrypted in their most significant ransomware attack grew more than sixfold, to US$1.16 million in 2021 from US$187,500 in 2020, Sophos said recently when releasing the results of a survey.
In addition, 65% of Singaporean organisations surveyed were hit with ransomware in 2021, up from 25% in 2020, the firm noted.
The survey collected responses from 5,600 mid-sized organisations in 31 countries across Europe, the Americas, Asia Pacific and Central Asia, the Middle East, and Africa, with 965 sharing details of ransomware payments, Sophos said.
There were responses from 150 organisations in Singapore, of which 30 shared details of ransomware payments.
Survey highlights
- 64% of attacks resulted in data being encrypted, a considerable increase from the 49% reported by respondents in Singapore in 2020.
- 48% of the organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.
- The average cost to recover from the most recent ransomware attack in 2021 for organisations in Singapore was US$1.9 million, a considerable decrease from the US$3.46 million reported in 2020.
- On average, it took one month to recover from the damage and disruption.
- 87% of organisations said the attack had impacted their ability to operate while 83% of victims said they had lost business and/or revenue because of the attack.
- Many organisations rely on cyber insurance to help them recover from a ransomware attack — 86% of mid-sized organisations had cyber insurance that covers them in the event of a ransomware attack.
- In almost all incidents, the insurer paid some or all the costs incurred.
- All Singaporean respondents said their organisations have made changes to their cyber defences over the last year to improve their insurance position.
- 80% have implemented new technologies/services; 60% have increased staff training and education activities; and 53% have changed their processes and behaviours.
Why organisations pay the ransom when they have other options
Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available, said Chester Wisniewski, principal research scientist at Sophos.
There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site, he noted.
“In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible,” said Wisniewski. “Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option.”
It’s also an option fraught with risk, he warned.
“Organisations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more,” he said. “If organisations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”
Why ransomware risk is growing
According to Wisniewski, the survey findings suggest that a peak in the evolutionary journey of ransomware might have been reached.
“Attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski.
In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service, he noted.
In addition, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands, he observed.
However, the results indicate that cyber insurance is getting tougher, and in the future ransomware victims may become less willing or less able to pay sky-high ransoms, he pointed out.
“Sadly, this is unlikely to reduce the overall risk of a ransomware attack,” he warned. “Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low-hanging fruit.”