Ransomware attack costs on Australian firms soar, reveals Sophos
Cybersecurity firm Sophos reports in its "State of Ransomware 2024" study that the consequences of ransomware attacks on Australian organisations are getting worse even as the incident rate falls. According to the report, ransomware attacks dropped by 14% compared with last year, yet the average ransom payment rose sharply.
Compared with earlier years' data, the average ransom payment was USD $6,002,186, up from USD $1,513,436 the previous year and USD $226,863 in 2021. That is a 297% increase in the average payment within the last year, and the average ransom demand was approximately USD $6.8 million.
The report also shows that the financial impact of a ransomware attack extends well beyond the ransom itself. Australian organisations bore an average recovery cost of USD $2.37 million, up from the USD $1.72 million reported in 2023, an increase of roughly USD $650,000. Recovery is also taking longer: about 33% of organisations needed between one and six months to recover fully, up from 17% last year.
John Shier, Field CTO at Sophos, warns: "We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill."
The report also shows that organisations of all sizes are targets. Approximately 47% of small organisations with revenue below USD $10 million were hit by ransomware in the last year. Encouragingly, the overall attack rate fell significantly: 54% of Australian organisations suffered an attack, compared with 70% in 2023 and 80% in 2022.
The analysis found that compromised credentials were the leading root cause of attacks on Australian businesses, accounting for 37% of incidents, closely followed by exploited vulnerabilities at 32%. Attackers succeeded in encrypting data in 49% of attacks, and 66% of organisations whose data was encrypted paid the ransom. Attackers also succeeded in compromising backups in 66% of attacks on Australian organisations, the highest rate reported for any country; with backups destroyed or encrypted, a victim's options for recovering without paying narrow considerably.
Shier remarks, "The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable. Businesses need to critically assess their levels of exposure to these root causes and address them immediately."
To protect themselves, Sophos advises organisations to understand their risk profiles, deploy advanced endpoint protection, bolster defences with 24/7 threat detection and response, build and exercise incident response plans, and back up regularly while rehearsing data recovery so that backups can be relied on when an attack succeeds.