Solely 25% of the organizations surveyed by Delinea had been hit by ransomware assaults in 2022, however fewer firms are taking proactive steps to stop such assaults.

There’s excellent news and unhealthy information on this planet of ransomware, in line with a report launched by privileged entry administration firm Delinea. Based mostly on survey outcomes, most of these assaults have decreased over the previous 12 months, however the decline could also be inflicting firms to turn out to be extra complacent — to the purpose that they’re failing to take the required precautions.
The brand new report “Making the Hard Choices for Ransomware Readiness and Response” was based mostly on a survey of 300 IT and safety decision-makers within the U.S. carried out on Delinea’s behalf by Censuswide. The survey analyzed traits in ransomware in 2022 in contrast with 2021.
SEE: Mobile device security policy (TechRepublic Premium)
Soar to:
Fewer victims of ransomware in 2022
The Delinea report discovered:
- Solely 1 / 4 of the respondents stated they had been victims of ransomware assaults in 2022, a major drop from 64% the earlier 12 months.
- Some 56% of organizations with 100 or extra staff had been hit by ransomware in 2022, down from 70% in 2021.
- Over the identical interval, 13% of firms with fewer than 100 staffers had been victimized by ransomware, down from 34%.
Why the decline? Delinea cited just a few doable causes: One issue stands out as the disbanding of the Conti ransomware group into smaller factions; one other trigger is perhaps the better effectiveness of safety instruments in stopping assaults; alternatively, it’s doable fewer victims are reporting ransomware assaults.
Fewer organizations prepared to pay the ransom
The variety of victims prepared to pay ransoms to retrieve their information can be on a downswing: Simply 68% of organizations hit by ransomware in 2022 paid the ransom — whereas nonetheless a majority, this determine is down from 82% the earlier 12 months.
On the similar time, the common ransomware cost has elevated. Funds in instances seen by Palo Alto Networks’ Unit 42 group reached almost $1 million over the primary 5 months of 2022, a bounce of 71% from the identical interval in 2021.
There are just a few the reason why victims could also be much less prepared to pay the ransom:
- The FBI and different authorities have cautioned that paying the ransom doesn’t imply you’ll get your information again.
- Funds encourage criminals to stage extra ransomware assaults in a seemingly countless cycle.
- Extra organizations may very well be turning to efficient information backup instruments to get better their recordsdata.
Victims nonetheless endure the results of cyberattacks
Although fewer firms could have been victims of ransomware final 12 months, those who do get hit endure a number of penalties. Among the many respondents who reported assaults:
- Greater than half (56%) stated they noticed a loss in income.
- Some 43% witnessed harm to their popularity.
- Precisely half (50%) misplaced clients, and 24% needed to lay off staff.
- Solely 3% stated they skilled no repercussions.
Decline in sure measures to stop ransomware
Together with the drop in ransomware assaults has been a decline in sure measures that firms take to guard themselves. Amongst these surveyed, 71% stated they’ve an incident response plan, down from 94% the earlier 12 months. Some 68% stated they presently commit cash from their funds to defend in opposition to ransomware, down from 93% the prior 12 months.
Nonetheless, 76% of organizations hit by a ransomware assault boosted their safety funds in response, up from 72% the prior 12 months. The irony right here is that many IT departments will obtain more cash for his or her safety funds solely after they’ve been attacked.
Ransomware: Essentially the most susceptible areas
Whether or not or not they’re allocating sufficient cash and sources for safety, the IT resolution makers surveyed are actually conscious of the menace that ransomware poses. Requested to determine essentially the most susceptible areas for ransomware assaults:
- Greater than half (52%) recognized e mail.
- Some 42% pointed to software program functions.
- Lower than one-third (29%) acknowledged privileged entry as a menace vector.
- Simply 27% famous the cloud.
- Solely 16% named their endpoints.
Suggestions to stop ransomware assaults
How can organizations higher defend themselves in opposition to ransomware assaults? The respondents cited a number of steps that they’ve taken themselves. Some 53% stated they recurrently replace their techniques and software program, 52% again up vital information, 51% implement password greatest practices and 50% require multi-factor authentication. Different measures taken embrace software management, disabling macros from e mail attachments, and adopting a least privilege posture.
Delinea chief safety scientist and advisory CISO Joseph Carson cited a variety of measures. Some are comparatively apparent, comparable to working frequent information backups, implementing an efficient incident response plan and investing in cyber insurance coverage.
“Organizations ought to take a extra proactive strategy to cybersecurity, particularly the place they’re most susceptible to most of these assaults; particularly identification and entry controls,” Carson stated. “By taking a least privilege strategy, based on zero belief ideas and enforced by strategies comparable to password vaulting and multi-factor authentication, organizations can considerably cut back their vulnerability to ransomware assaults.”
Intel 471 cyber menace intelligence analyst Jeremy Kirk additionally had recommendations to supply.
“As we speak, organizations can go from an preliminary intrusion to a full-blown ransomware incident in a a lot shorter time frame,” Kirk stated. “Ideally, organizations ought to catch the preliminary intrusion or the follow-on malicious exercise. Ransomware actors usually concentrate on exfiltrating delicate information earlier than launching the file-encrypting malware, so usually there may be time to cease a debilitating encryption assault.”
Kirk additionally urges organizations to subscribe to menace intelligence platforms to assist observe ransomware gangs and their techniques. Utilizing each automated assortment instruments and human intelligence, these platforms can spot modifications within the ransomware scene and provide acceptable recommendation.
Perceive your organization’s publicity to ransomware and extra with the Security risk assessment checklist from TechRepublic Premium.