92% of Organizations That Pay the Demanded Ransom Do Not Get All of Their Data Back

The Sophos’ State of Ransomware 2021 report has many significant findings for organizations of all sizes. Most notably, consider the following statistic: 92% of organizations who choose to pay a ransom do not get all of their data back.

This leads to a key question: is it ever worth it to pay the ransom?

Let’s dig into the Sophos report more. Here are the other significant findings: 

  • In 2020, there was a 40% surge in global ransomware attacks compared to 2019.
  • The average organization that paid a ransom got back just 65% of their data.
  • Ryuk ransomware was the most common form of ransomware, used by ⅓ of all ransomware attacks in the 3rd quarter of 2020.
  • In 2021, ransomware declined from 51% of organizations targeted in 2020 to only 37% target in 2021. 
  • Data encrypted by hackers went from 73% in 2020 to 51% in 2020 (12 month period).

What caused the surge in ransomware attacks in 2020, and thus the organizations that felt forced to pay up? In short, a specific word: Covid. Covid caused a significant shift in the workplace, mainly a shift towards a majority remote workforce throughout the globe. This led to significantly increased vulnerabilities for organizations, as employees accessed company information from unsecured networks in various locations—all in all, a literal cybersecurity nightmare. 

Since cyber attackers have held firm to their foothold, the sheer number of active cyber attacks has increased tremendously, as has the success of their methods along with it. From Q3 of 2019 to Q3 of 2020, Ryuk detections went from only 5,123 to 67.3 million in 2020. The overall number of ransomware detections peaked at 200 million worldwide in 2020. Luckily, according to Sophos’ report, the total number of ransomware attacks has thus far declined slightly in 2021. Data encrypted by hackers is also thankfully on the decline.

Does this mean ransomware is on its way out as we head into 2022?

Not so fast. For one, while the number of attacks may have gone down, the quantity of single ransomware payments has gone up. This tells us that hackers are gaining confidence, asking for larger payments in single attacks. While there may be a lesser number of attacks, the effects are equally as detrimental. 

It also tells us that hackers are getting smarter. Ransomware is not the only way that cybercriminals are infiltrating organizations. 

Businesses need to stay vigilant. A growing financial incentive is bringing more players to the cybercrime game. Your organization is still a target. Make sure you have a comprehensive IT security plan. PK Tech can help your organization protect itself. Get in touch with us here.