Ransomware attacks are getting much better at encrypting data

High recovery costs for those that pay

The report also gives another reason why businesses should refrain from paying the ransom. Those that did doubled their recovery costs - $750,000, versus $375,000 for those that merely used their backups. Furthermore, it takes longer to recover the files with the decryptor. Almost half (45%) of organizations using backups recovered within a week, compared to two in five (39%) of those that paid up. 

Sophos also warns that despite other reports out there stating otherwise, the number of ransomware attacks isn’t dwindling - it’s plateauing. This year, 66% of surveyed firms reported being attacked by ransomware, the same as last year. 

“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes," said Chester Wisniewski, field CTO, Sophos.

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.

Sophos’ report also claims that system vulnerabilities are most commonly used to launch ransomware attacks (36%), and not compromised credentials (29%), showing the importance of keeping software and hardware updated.

• These are the best malware removal tools right now