A Sophos analysis of the global ransomware attack landscape

Sophos, the company I am the director of in Brazil, develops a study every year that examines the behavior of companies from different industries, with different incomes and number of employees, in the global and Brazilian market, and how ransomware behaves in front of them. .

Last month saw the release of version 2023 of The State of Ransomware, which surveyed 3,000 companies in 14 countries – 200 of them in Brazil. The companies covered in the study have between 100 and 5,000 employees (50% between 100 and 1,000 and 50% between 1,001 and 5,000), as well as annual revenues of between $10 million and $5 billion.

The percentage of organizations affected by ransomware remained stable in the new survey, showing that adversaries are able to consistently carry out large-scale attacks, with a global response rate of 66% reporting ransomware victims in 2022.

There was a 24 percent increase in this rate specific to Brazil.Compared to the previous year, 68% of Brazilian companies reported being victims of ransomware – 2% above the global average.

verticals education, construction, government, media and retail were the hardest hit by such incidents. (72% on average) and technology, telecommunications and manufacturing were the least affected sectors (average 56%) according to the survey.

As a result of the research, we realized that the income of the companies is a more important factor than the number of employees, mainly due to the redemption power of the companies with high income. Exploiting vulnerabilities (36%), followed by compromised credentials (29%), malicious email (18%), and phishing (13%) were the biggest ways to launch ransomware attacks on these companies.

Among hacked companies, 76% reported encrypting their data, compared to 65% in 2021. increasing complexity and effectiveness of attacks. However, an alarming fact that also affects Brazil is the new double-effect method; 30% of respondents, in addition to encrypted data, this information was stolen for use in a later extortion.

There was a 70% reduction in backup usage for data recovery (compared to 73% in the previous year). However, the ransom payment still remained very high worldwide (46% of the total number of participants).

At this particular point, Brazil presented a negative data: 55% of the interviewees reported the ransom payment, and Brazil was number one in this trend.

With this placement, Brazil encourages more attacks, as it is a country more likely to pay ransom and attracts even more criminals as events in the country grow – to give you an idea, the median value of a ransom. It was around US$400,000. Besides, 85% of Brazilian companies report losing business and revenue due to ransomware attack.

Other interesting data from the study worth highlighting are::

• Ransomware remains a major threat regardless of an organization’s revenue, geography or industry;
• Enemies continue to develop their attacks, encrypting data more often than ever;
• In addition to encryption, data theft is much more common now. Brazil is the world leader in ransom payment;
• The financial and operational impacts of ransomware increased from 2021;
• There are several advantages to using backups instead of paying the ransom – but backup usage has dropped;
• Annual revenue has a greater impact on ransomware experience than headcount.

Sophos makes some recommendations for companies with such frightening data:

• Strengthening defensive shields

  o Protection against the most common attack vectors;

  o Adaptive technologies that automatically respond to an attack;

  o 24/7 threat detection, investigation and response.

• Optimization to prepare for an attack

  o Regular backups;

  o Application to recover data from backups;

  o Maintaining the incident response plan.