June, 7, 2023
68% of APJ organisations surveyed reported they were a victim of ransomware compared to 72% the year before
Sophos, a global leader in innovating and delivering cybersecurity as a service, today released its annual “State of Ransomware 2023” report, which found that the rate of ransomware attacks declined slightly in Asia Pacific and Japan (APJ) in 2022 with 68 per cent of organisations surveyed saying they were a victim to ransomware compared to 72 per cent the year before. In 71 per cent of ransomware attacks against surveyed organisations, adversaries succeeded in encrypting data with 49 per cent of those that had data encrypted paying the ransom, down slightly from last year’s rate of 55 per cent and higher than the 2023 global average of 47per cent.
On a global scale, the survey shows that when organisations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs (US$750,000 in recovery costs versus US$375,000 for organisations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.
“Although dipping slightly from the previous year, the rate of encryption remains high at 71 per cent, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes," said Chester Wisniewski, field CTO, Sophos.
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.
When analysing the root cause of ransomware attacks on APJ organisations, the most common was an exploited vulnerability (involved in 37% of cases), followed by compromised credentials (involved in 28% of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.
Additional key global findings from the report include:
“While it’s great to see a slight decline in the number of APJ organisations victimised by ransomware in 2022 compared to 2021, there is still a long way to go. The key to continually lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognise the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the 30 per cent who stay safe and the 70 per cent who do not. Organisations must be on alert 24x7 to mount an effective defense these days,” said Wisniewski.