Only 25% of organizations surveyed by Delinea were affected by ransomware attacks in 2022, but fewer companies are taking proactive steps to prevent such attacks.
There is good news and bad news in the ransomware world, according to a report released by the privileged access management company Delinea. Based on survey results, these types of attacks have declined over the past 12 months, but the decline may lead companies to become more complacent — to the point of not taking the necessary precautions.
The new report, “Making the tough choices for ransomware preparedness and response,” was based on a survey of 300 IT and security decision makers in the US, conducted on behalf of Delinea by Censuswide. The study compared ransomware trends in 2022 with those of 2021.
Fewer ransomware victims in 2022
The Delinea report found:
- Only a quarter of respondents said they had been victims of ransomware attacks in 2022, a significant decrease from 64% in the previous year.
- About 56% of organizations with 100 or more employees were affected by ransomware in 2022, down from 70% in 2021.
- Over the same period, 13% of companies with fewer than 100 employees were victims of ransomware, compared to 34% in 2021.
Why the decline? Delinea offered a few possible explanations: the breakup of the Conti ransomware group into smaller factions; greater effectiveness of security tools in preventing attacks; or simply fewer victims reporting the attacks they suffered.
Fewer organizations willing to pay the ransom
The share of victims willing to pay a ransom to retrieve their data is also declining, with 68% of organizations hit by ransomware in 2022 paying the ransom.
At the same time, the average ransomware payment has increased. Payments in cases seen by Palo Alto Networks’ Unit 42 group reached nearly $1 million over the first five months of 2022, an increase of 71% compared to the same period in 2021.
There are a few reasons why victims are less willing to pay the ransom:
- The FBI and other authorities have warned that paying the ransom does not mean getting your data back.
- Payments encourage criminals to launch more ransomware attacks in a seemingly endless cycle.
- More organizations may be able to recover their files from reliable backups instead of paying.
Victims are still suffering the consequences of cyber attacks
While fewer businesses may have been affected by ransomware last year, those that were hit suffered a range of consequences. Among the respondents who reported attacks:
- More than half (56%) said they saw a loss of income.
- About 43% witnessed reputational damage.
- Exactly half (50%) lost customers and 24% had to lay off employees.
- Only 3% said they experienced no repercussions.
Decline in certain measures to prevent ransomware
Along with the decline in ransomware attacks, there has been a decline in certain measures companies take to protect themselves. Of those surveyed, 71% said they have an incident response plan, down from 94% last year. About 68% said they currently allocate budget to ransomware defense, down from 93% last year.
76% of organizations hit by a ransomware attack increased their security budget in response, compared to 72% last year. The irony here is that many IT departments don’t get more money for their security budget until after they’ve been attacked.
Ransomware: the most vulnerable areas
Whether or not they allocate enough money and resources to security, the IT decision makers surveyed are certainly aware of the threat posed by ransomware. Asked to identify the most vulnerable areas to ransomware attacks:
- More than half (52%) identified email.
- About 42% pointed to software applications.
- Less than a third (29%) recognized privileged access as a threat vector.
- Only 27% cited the cloud.
- Only 16% mentioned their endpoints.
Recommendations to prevent ransomware attacks
How can organizations better protect themselves against ransomware attacks? The respondents mention a number of steps they have taken themselves. About 53% said they regularly update their systems and software, 52% back up critical data, 51% maintain password best practices, and 50% require multi-factor authentication. Other measures taken include application control, disabling macros in email attachments, and adopting a least privilege stance.
Delinea chief security scientist and advisory CISO Joseph Carson mentioned a number of measures. Some are relatively obvious, such as backing up data regularly, implementing an effective incident response plan, and investing in cyber insurance.
“Organizations should take a more proactive approach to cybersecurity, particularly where they are most vulnerable to these types of attacks; namely identity and access controls,” Carson said. “Through a least-privileged approach based on zero trust principles and enforced by methods such as password vault and multi-factor authentication, organizations can significantly reduce their vulnerability to ransomware attacks.”
Intel 471 Cyber Threat Intelligence Analyst Jeremy Kirk also had suggestions to offer.
“Nowadays, organizations can go from an initial intrusion to a full-blown ransomware incident in a much shorter amount of time,” said Kirk. “Ideally, organizations should catch the first intrusion or subsequent malicious activity. Ransomware actors often focus on exfiltrating sensitive data before the file-encrypting malware is launched, so there is often time to stop a debilitating encryption attack.”
Kirk also urges organizations to subscribe to threat intelligence platforms to track ransomware gangs and their tactics. Using both automated collection tools and human intelligence, these platforms can spot changes in the ransomware scene and provide appropriate advice.
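Kirk's point above is that the exfiltration phase leaves a detection window before encryption begins. The following is an added example, not code from the Delinea report or from Intel 471, of one simple way to use that window: compare each host's outbound volume to external addresses over the last hour against its own hourly average over the previous seven days, and report hosts that both exceed an absolute floor and send several times their normal volume, listing any destinations they have never used before. The flow records, host names, IP addresses and the log format are all constructed for this example; treating only RFC 1918 space as internal is also an assumption.

```python
"""Egress-baseline check for the exfiltration-before-encryption window.

Each host's outbound volume to external destinations in the last hour is
compared with its own hourly average over the previous seven days; a host
that sends far more than usual, and to destinations it has never used, is
reported. All flow records below are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption for this example: only RFC 1918 space counts as internal, so the
# IANA documentation ranges used in the sample data are treated as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    ts: datetime
    host: str       # source host name
    dst_ip: str
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Constructed log format: '<ISO timestamp> <host> <dst_ip> <bytes_out>'."""
    ts, host, dst, nbytes = line.split()
    return Flow(datetime.fromisoformat(ts), host, dst, int(nbytes))


def is_external(dst_ip: str) -> bool:
    addr = ip_address(dst_ip)
    return not any(addr in net for net in INTERNAL_NETS)


def egress_by_host(flows, start, end):
    """Sum external bytes and collect external destinations per host in [start, end)."""
    totals = defaultdict(int)
    dests = defaultdict(set)
    for f in flows:
        if start <= f.ts < end and is_external(f.dst_ip):
            totals[f.host] += f.bytes_out
            dests[f.host].add(f.dst_ip)
    return totals, dests


def detect_exfil(flows, now, baseline_days=7, window_hours=1, ratio=5.0,
                 min_bytes=50 * 1024 * 1024):
    """Return alerts for hosts whose recent egress is large in absolute terms
    and far above their own baseline. The absolute floor keeps a quiet host
    from alerting on a few megabytes; the ratio keeps a busy host (a backup
    server, say) from alerting on its normal volume."""
    window_start = now - timedelta(hours=window_hours)
    baseline_start = window_start - timedelta(days=baseline_days)
    base_totals, base_dests = egress_by_host(flows, baseline_start, window_start)
    win_totals, win_dests = egress_by_host(flows, window_start, now)
    hourly = {h: b / (baseline_days * 24) for h, b in base_totals.items()}
    alerts = []
    for host, nbytes in sorted(win_totals.items()):
        expected = hourly.get(host, 0.0) * window_hours
        if nbytes >= min_bytes and nbytes > ratio * max(expected, 1.0):
            alerts.append({
                "host": host,
                "bytes_out": nbytes,
                "expected_bytes": round(expected),
                "new_destinations": sorted(win_dests[host] - base_dests.get(host, set())),
            })
    return alerts


# Constructed sample: a week of 3 MiB/day from ws-042 to one SaaS address, then
# 320 MiB to a never-seen external host in the last hour. The 900 MiB copy to
# the internal file server and ws-017's small transfer must not alert.
SAMPLE_LINES = [
    f"2022-06-{day:02d}T12:00:00 ws-042 198.51.100.20 {3 * 1024 * 1024}"
    for day in range(8, 15)
] + [
    "2022-06-15T09:17:00 ws-042 10.0.0.5 943718400",
    "2022-06-15T09:22:00 ws-042 203.0.113.77 335544320",
    "2022-06-15T09:30:00 ws-017 198.51.100.20 4194304",
]


def run_example():
    flows = [parse_flow(line) for line in SAMPLE_LINES]
    return detect_exfil(flows, now=datetime.fromisoformat("2022-06-15T10:00:00"))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

On the sample data only ws-042 is reported: its baseline works out to 131,072 bytes per hour, and the 320 MiB burst to 203.0.113.77 exceeds both the absolute floor and five times that baseline. In practice the baseline should be built from real flow or proxy logs and the thresholds tuned per host class, and an alert is a prompt to isolate the host and look for the initial intrusion, not proof of exfiltration on its own.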