Only 13% of organizations fully recover data after a ransomware attack

Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio.

Findings from the study reveal that 58% of organizations had to shut down operations following a ransomware attack, up from 45% in 2021. 40% reported a significant loss of revenue (up from 22% in 2021); 41% lost customers; and 40% had to eliminate jobs.

Attackers are reaching critical systems to cause maximum disruption

Ransomware attacks impacted 25% of critical systems, with systems down for 12 hours on average. On average, it took 17.5 people working 132 hours each to contain and remediate their largest ransomware attack. 35% experienced significant brand damage from an attack (up from 21% in 2021).

44% lack the ability to quickly identify and contain attacks, and only 27% have implemented microsegmentation – a vital control for stopping the spread of breaches.

“Ransomware is more pervasive and impactful than ever, with more organizations forced to suspend operations or experiencing major business failure because of attacks,” said Trevor Dearing, Director of Critical Infrastructure at Illumio. “Organizations need operational resilience and controls like microsegmentation that stop attackers from reaching critical systems. By containing attacks at the point of entry, organizations can protect critical systems and data, and save millions in downtime, lost business, and reputational damage.”

Since 2021, more organizations are assigning responsibility for stopping ransomware attacks to one organizational function. 92% of respondents say one person or function is most responsible for addressing the threat of ransomware. The most responsible are the CISO (21% of respondents) or the CIO/CTO (21% of respondents). In 2021, 82% of respondents said one person or function was most responsible.

Cloud and hybrid environments remain weak links

The increased connectivity of business systems and devices is making it harder for organizations to defend against ransomware attacks. Organizations perceive the cloud as being the most vulnerable, and 35% say a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.

Desktops and laptops remain the most compromised devices (50%), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Most attacks moved across the network to infect other devices. In 52% of these cases, attackers exploited unpatched systems to move laterally and escalate system privileges, up significantly from 33% in 2021.

According to the research, 29% of IT budgets are allocated to staff and technologies meant to prevent, detect, contain, and resolve ransomware attacks, yet attacks are still successful. 88% of organizations have fallen victim to a ransomware attack, despite 54% being confident in their security posture.

Organizations are also taking a chance on ransomware recovery and failing. 52% of respondents believe having a full and accurate backup is a sufficient defense against ransomware. Yet only 13% were able to recover all impacted data following a ransomware attack.

Organizations are slow to adopt AI to combat ransomware

72% of those that experienced a ransomware attack didn’t report it to law enforcement. Top reasons for not reporting include fear of publicizing the incident (39%); a payment deadline (38%); and fear of retaliation (38%). 47% of respondents say data exfiltration and 45% of respondents say DDoS are the primary tactics used to exert pressure.

40% are confident in the ability of employees to detect social engineering lures (up from 30% in 2021); however, insider negligence is the top challenge when responding to ransomware attacks.

Only 42% have specifically adopted AI to help combat ransomware, and 51% are concerned their organization may experience an AI-generated ransomware attack.

An effective backup strategy can motivate organizations to not pay the ransom. 49% of respondents did not pay the ransom. According to the research, many organizations are not willing to pay the ransom even if it means losing data.

The top two reasons for not paying the ransom are that the compromised data wasn’t critical (49% of respondents) and that there was an effective backup strategy (48% of respondents). 40% say that despite paying the ransom the data was still leaked or misused, and 32% say the attacker demanded further payment or threatened more attacks.
