The Sophos State of Ransomware 2023 Report



Richard Dean

8/3/2023

"The drop in the use of backups to recover encrypted data is considerable cause for concern."

Sophos is a British-based security software and hardware company that develops products for communication endpoint, encryption, network security, email security, mobile security, and unified threat management. Sophos also conducts research and publishes reports on various cybersecurity topics. If you are at all interested in the state of backups and restores, then this is a read for you. It illustrates that backups continue to be the most common approach to recovery, used in 70% of incidents reported, and that the use of backups as the remedy is down from last year by 3%. You can download the full report from here, but to save you some time, I have highlighted some of the key takeaways from the report.

  • Purpose: The report is based on a survey of 3,000 IT/cybersecurity leaders across 14 countries, conducted in January-March 2023. It reveals the most common root causes of attacks and how experiences with ransomware differ based on organization revenue.

  • Rate of Ransomware Attacks: The rate of ransomware attacks has remained level, with 66% of respondents reporting that their organization was hit by ransomware in the previous year. Singapore reported the highest rate of ransomware attacks in this year’s study, with 84% of organizations being hit in the previous year.

  • Root Causes of Ransomware Attacks: An exploited vulnerability was the most common root cause of ransomware attacks (36%), followed by compromised credentials (29%). Emails were the root cause of 30% (with rounding) of attacks: 18% started with a malicious email and 13% with phishing.

  • Data Recovery: 97% of organizations that had data encrypted got data back. Backups were the most common approach, used in 70% of incidents. 46% paid the ransom and got data back, while 2% used other means.

  • Ransom Payments: The average (mean) ransom payment almost doubled from $812,380 in 2022 to $1,542,333 in 2023. The median ransom payment reported in this year’s study was $400,000.

  • Recovery Costs: Excluding any ransoms paid, organizations reported an estimated mean cost to recover from ransomware attacks of $1.82 million, an increase from the 2022 figure of $1.4 million and in line with the $1.85 million reported in 2021.

Ransomware continues to be a major threat to organizations. As adversaries continue to hone their attack tactics, defenders are struggling to keep pace. The drop in the use of backups to recover encrypted data is considerable cause for concern.