Close to 92% of ransomware victims cannot recover all their data, even after paying a ransom to cybercriminals, according to a Sophos study published by Forbes.
Even so, the number of companies that decided to give in to the economic demands of the "bandits" was 32% in 2021, 6% more than in 2020. Of these, only 8% managed to recover all of their information. And almost a third, 29%, failed to recover more than half of the encrypted data.

In addition, although the number of people affected by this type of attack decreased from 73% to 54% in 2021, this statistic is tempered by the new reality of threat behavior. "It went from generic large-scale attacks to more targeted violations, based on employee behavior," said Chester Wisniewski, principal investigator at Sophos. Therefore, the potential for damage is greater. Moreover, these attacks as a rule involve the leakage of data and its publication or sale. "It is more difficult to recover and repair costs are doubling."
On this last point, the report highlights that the average cost of recovering from a ransomware attack is now $1.85 million, up from $761,106 a year ago. However, the amount of the ransoms varies substantially, depending on the size of the affected organization and the value of the stolen data. The average payout for companies is $170,404. This means that the repair cost is 10 times higher than the ransom payment.
One of the main conclusions of the study is that it is not worth paying a ransomware ransom. "For a small but significant minority of respondents, the attacks involve payment requests without data encryption. It is likely that they demanded a payment in return just for not leaking the stolen information."