In 2020, ransomware attacks hit 37 per cent of businesses. Following the rise in digital fraud due to the pandemic, in 2021 this number rose by 78 per cent as 66 per cent of businesses were hit with the digital attacks, according to StockApps, the educational hub for beginner and experienced investors.
From the analysis, the increase in the ransomware-as-a-service model increases the reach of ransomware. It lowers the skill level required to conduct an assault, thus, explaining the 78 per cent increase in organisations reporting attacks. In 65 per cent of attacks, adversaries effectively encrypt data, up from 54 per cent in 2020.
StockApps’ financial expert. Edith Reads, pointed this out, “With practically everything available as-a-service, it has become increasingly easy for attackers to execute ransomware in recent times. Second, many cyber insurance companies have begun to cover a wide range of ransomware recovery costs, including the ransom, likely leading to ever-increasing extortion demands.”
Reads also noted that cyber insurance is becoming hard to obtain for most institutions.
She went ahead, “However, the findings suggest that cyber insurance is becoming more difficult to obtain and that ransomware victims may be less willing or able to pay exorbitant ransoms in the future. Unfortunately, this will not lessen the overall danger of a ransomware attack. Because ransomware attacks do not require as many resources as other, more hand-crafted cyber attacks, any profit is a profit worth seizing, and hackers will tend to pick the low-hanging fruit.”
Ransom payments are on the rise
The average ransom payment has climbed significantly over the last year, according to 965 respondents whose organisations paid the ransom. The proportion of victims paying ransoms of $1million or more has nearly tripled in the last year, rising from four per cent in 2020 to 11 per cent in 2021. Simultaneously, those paying less than $10,000 fell from one in three (34 per cent) in 2020 to one in five (21 per cent) in 2021.
Following a ransomware assault, there might be a lot of pressure to restart operations as soon as possible. However, restoring encrypted data via backups can be difficult and time-consuming. It’s tempting to believe that paying a ransom for a decryption key is better.
The data from StockApps indicates that the proportion of victims paying up also continues to increase, even when they may have other options available. There could be various reasons for this, including insufficient backups or a desire to keep stolen data from being exposed on a public leak site. Most organisations pay without minding the cost.
Cyber insurance covered the attacks
In 98 per cent of incidents where victims had insurance, cyber insurance reimbursed all or part of the cost of the attack. This made it easy for them to get back on their feet. However, some respondents felt the strike harmed their institution’s capacity to run, as the cost of recovery was high.
However, the report didn’t contain all bad news, as it noted that institutions are adapting and improving their response to ransomware attacks. Nearly all targeted firms, 99 per cent, can now recover part of their data, up from 96 per cent previously. Backups were employed by nearly three-quarters of respondents (73 per cent) and were the most common technique for recovering data.
The research shows that we’ve reached a point in ransomware’s growth where cybercriminals’ need for ever greater ransom clashes head-on with a tightening of the cyber insurance system as insurers strive to decrease their ransomware risk.