A new survey of IT professionals shows that 66% of organizations experienced a ransomware attack in 2021, up from 37% in 2020, while ransom payments have also increased.
The 78% increase in organizations reporting attacks likely reflects the growing ransomware-as-a-service model, which extends the reach of ransomware by reducing the skill level required to deploy an attack, the Sophos report noted. Adversaries were successful at encrypting data in 65% of the attacks, an increase from the 54% encryption rate in 2020.
The State of Ransomware Report released Wednesday surveyed 5,600 IT pros across 31 countries in January and February.
Nearly 1,000 respondents (965) revealed the amount they paid for the ransom. The average payment was $812,360, a nearly fivefold increase from 2020’s $170,000 average.
Nine in 10 respondents said the attack affected their organizations’ ability to operate, and recovering from the attack cost $1.4 million (down slightly from $1.85 million in 2020). Cyber insurance covered all or some of the cost of an attack in 98% of incidents where victims had insurance.
It wasn’t all bad news in the report, which pointed out that organizations are adapting and getting better at dealing with a ransomware attack. Nearly all organizations that were attacked, 99%, now recover some of the data, a slight increase from 96%. Nearly three-quarters, 73%, used backups, which was the No. 1 method of restoring data.
“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Chester Wisniewski, principal research scientist at Sophos, in a news release.