A recent survey on the State of Ransomware found that ransomware attacks are rising in both frequency and complexity, with 72 percent of the survey’s respondents saying that they have experienced an uptick in the volume, complexity, or severity of cyberattacks.

The report by cybersecurity firm Sophos comes from a survey of 5,600 respondents in 31 countries. In all, 66 percent of respondents claimed to have been hit with a cyberattack in 2021, a 78 percent increase from the 37 percent of respondents who said the same in 2020.

“This is a 78 percent increase over the course of a year, demonstrating that adversaries have become considerably more capable at executing the most significant attacks at scale,” the report says. “This likely also reflects the growing success of the Ransomware-as-a-Service model which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack.”

The report also found that 65 percent of attackers encrypted data during their attacks. However, organizations are also getting better at restoring their access to that data. Ninety-nine percent of organizations were able to get at least some of their encrypted data back after a cyberattack.

Seventy-three percent of those who restored access to their data utilized backups to do so, making it the number one way to regain data access. Organizations took multiple routes to that restoration, however, as evidenced by 46 percent of respondents saying they paid a ransom to regain access to their data. In all, nearly 44 percent of victims reported needing to utilize multiple methods to regain access.

“The ransomware challenge facing organizations continues to grow,” the report says. “In the face of this near-normalization, organizations have got better at dealing with the aftermath of an attack: virtually everyone now gets some encrypted data back and nearly three-quarters are able to use backups to restore data.”

With state and local governments increasingly becoming targets of ransomware, the survey recommends organizations do the following:

  • “Ensure high-quality defenses at all points in your environment. Review your security controls and make sure they continue to meet your needs;
  • Proactively hunt for threats so you can stop adversaries before they can execute their attack – if you don’t have the time or skills in house, outsource to a MDR specialist;
  • Harden your environment by searching for and closing down security gaps: unpatched devices, unprotected machines, open RDP ports, etc.. Extended Detection and Response (XDR) is ideal for this purpose;
  • Prepare for the worst. Know what to do if a cyber incident occurs and who you need to contact; and
  • Make backups, and practice restoring from them. Your goal is to get back up and running quickly, with minimum disruption.”
Read More About
Lamar Johnson
Lamar Johnson
Lamar Johnson is MeriTalk SLG's Staff Reporter covering the intersection of government and technology.