Tuesday, April 8, 2025

When the Backup Becomes a Drawback in a Ransomware Attack – Sophos Information

The financial and operational consequences of a ransomware attack are devastating enough. If cybercriminals succeed in compromising or encrypting backups, the likelihood of a company paying at least double the ransom is high. According to a study by Sophos, involving 2,974 IT and cybersecurity professionals across 14 countries, the overall costs of restoration skyrocket eightfold for organizations whose backups are affected, compared to those that do not experience such incidents.

Cybercrime is all about money, a lot of money. Therefore, all ransomware groups are now attempting to compromise backups to significantly increase the pressure for extortion. In Sophos’ latest study, a staggering 94% of ransomware victims reported that cybercriminals attempted to encrypt backups as well. This percentage varies across the industries studied, but remains at a high level. Among government agencies at the state and local levels, as well as in the media, leisure, and entertainment sectors, a staggering 99 percent of entities experienced this. The fewest backup compromise attempts were detected in the areas of Sales and Transportation, at 82%.

The attempt to compromise backups in order to extort higher sums is not a success in every case, although cybercriminals achieve their goals in most attacks. This is evident in the Sophos study’s comparison of various industries. Across all industries, a staggering 57 percent of cybercriminals succeeded in compromising or encrypting backups.

Across sectors such as Energy, Oil and Fuel, and Supply Companies, the success rate stood at 79 percent, while in Education it reached 71 percent. In contrast, the success rate in IT, technology, and telecommunications is a mere 30 percent, while in individual retail it stands at a modest 47 percent. It appears likely that companies and organizations from the fields of IT, telecommunications, and technology possess stronger backup protection or were possibly able to detect and stop compromise attempts in a timely manner.

Ransomware payments by companies whose backups have been compromised typically range from $1 million to $2 million. According to a study, the average cost per compromised record in US dollars was significantly higher for organizations whose backups were intact, at $1.06 million, compared to those that suffered data breaches with no backup integrity. Furthermore, companies and organizations with compromised backups were much less able to negotiate a ransom payment. They paid an average of 98% of the demanded amount. In stark contrast, however, victims of ransomware attacks who retained pristine backups were able to negotiate down the ransom demand by 82 percent.

Additional detailed information is available in the Sophos whitepaper “” that provides further insights into these topics.
