The most recent Sophos annual examination of real-world ransomware experiences in the energy, oil/gas, and utilities sector, a key component of critical infrastructure, traces the entire victim journey, from initial attack rate and root cause through operational impact to business outcomes.
This year's report also opens up new lines of inquiry for the sector, including an in-depth comparison of ransom demands versus actual payments, and the role of law enforcement and regulatory agencies in mitigating the impact of attacks on energy, oil/gas, and utilities organizations.
67% of energy, oil/gas, and utilities organizations were hit by ransomware in 2024, the same rate reported for 2023.
Almost all (98%) of the energy, oil/gas, and utilities organizations hit by ransomware said the attackers attempted to compromise their backups during the attack. 79% of those backup compromise attempts succeeded, the highest success rate of any sector surveyed.
In 2024, 80% of ransomware attacks on energy, oil/gas, and utilities organizations resulted in data encryption, in line with the sector's 2023 rate (79%) and above the cross-sector average of 70% for the year.
The estimated cost of recovering from a ransomware attack for energy, oil/gas, and utilities organizations was $3.12 million in 2024, close to the $3.17 million figure reported for 2023.
On average, 62% of computers in energy, oil/gas, and utilities organizations were impacted by a ransomware attack, above the cross-sector average of 49%. Full-scale encryption remains rare: 17% of energy, oil/gas, and utilities organizations reported that 91% or more of their devices were affected.
61% of energy, oil/gas, and utilities organizations paid the ransom to get their encrypted data back, while 51% restored it from backups, the lowest backup-use rate of any sector. For the first time, the sector reported a higher propensity to pay the ransom than to use backups. Globally, 56% of victims paid the ransom and 68% used backups.
This is a marked change from the previous two years, when backups were used far more often in the sector (70% in 2023 and 77% in 2022).
Victims are also increasingly using more than one method to recover encrypted data, for example paying the ransom and restoring from backups. In 2024, 35% of energy, oil/gas, and utilities organizations whose data had been encrypted reported using multiple recovery methods, up from 26% in 2023.
Among the 86 energy-sector respondents whose organizations paid the ransom, the median payment in 2024 was $2.5 million.
Just under half (48%) of those who paid said their payment matched the original demand. 26% paid less than the initial ask, while 27% paid more.
Energy, oil/gas, and utilities organizations are the most likely of any sector to pay exactly the amount demanded, a tendency attributed to their value and strategic importance, and the second-least likely to settle for less than the initial ask.
The report's findings are based on an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific, including 275 respondents from the energy, oil/gas, and utilities sector, a key part of critical infrastructure. Respondents' organizations have between 100 and 5,000 employees. The survey was conducted by the research firm Vanson Bourne between January and February 2024, and respondents were asked to answer based on their experiences over the previous year.