Singapore had the highest rate of ransomware attacks, with 84% of organisations surveyed reporting they were a victim of this type of attack, up from 65% in the previous year, said Sophos when releasing its State of Ransomware 2023 report.
In addition, in 61% of attacks on surveyed organisations from Singapore, adversaries succeeded in encrypting data, and 53% of those who had data encrypted paid the ransom to get their data back, Sophos noted, adding that this is up from 48% last year and higher than the global average of 47%.
Data for the report comes from a survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific and Japan, Sophos noted.
Survey highlights
- On a global scale, organisations that paid a ransom to get their data decrypted ended up doubling their recovery costs: US$750,000 in recovery costs versus US$375,000 for organisations that used backups to get data back.
- Paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.
- When analysing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 43% of cases), followed by compromised credentials (involved in 26% of cases).
- In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
- The education sector reported the highest level of ransomware attacks, with 79% of higher education organisations surveyed and 80% of lower education organisations surveyed reporting that they were victims of ransomware.
- Overall, 46% of organisations surveyed that had their data encrypted paid the ransom.
- But larger organisations were far more likely to pay.
- More than half of businesses with revenue of US$500 million or more paid the ransom, with the highest rate reported by those with revenue over US$5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments.