The recently published “State of Ransomware 2023” report by Sophos provides valuable insights into the current ransomware landscape in the Asia Pacific and Japan (APJ) region. According to the report, the rate of ransomware attacks in APJ decreased slightly in 2022, with 68% of surveyed organizations reporting being victims of ransomware, down from 72% the previous year. Additionally, adversaries successfully encrypted data in 71% of these attacks, with 49% of affected organizations choosing to pay the ransom. While this payment rate is slightly lower than the previous year’s 55%, it remains higher than the global average of 47%.
Globally, the survey highlights that organizations that paid the ransom to decrypt their data ended up doubling their recovery costs, spending an average of US$750,000 compared to US$375,000 for organizations that relied on backups. Moreover, paying the ransom often resulted in longer recovery times, with 45% of organizations using backups recovering within a week, compared to 39% of those who opted to pay.
Chester Wisniewski, field CTO at Sophos, expressed concern over the high rate of encryption, which still stands at 71%. He highlighted the evolving tactics of ransomware crews, who are refining their attack methodologies and accelerating their operations to limit defenders’ response time.
Wisniewski further emphasized that paying ransoms not only enriches cybercriminals but also hampers incident response and adds additional costs to an already devastating situation. He stressed the importance of organizations relying on backups to rebuild and recover their data, as purchasing encryption keys often fails to restore all files.
When examining the root causes of ransomware attacks in APJ, the report found that the most common factors were exploited vulnerabilities (37% of cases) and compromised credentials (28% of cases). These findings align with Sophos’ 2023 Active Adversary Report for Business Leaders, which revealed similar incident response patterns in the field.
On a global scale, the report unveiled additional key findings:
- In 30% of cases, data was not only encrypted but also stolen, indicating an increasing prevalence of data exfiltration tactics.
- The education sector experienced the highest level of ransomware attacks, with 79% of higher education organizations and 80% of lower education organizations reporting victimization.
- Overall, 46% of organizations that had their data encrypted paid the ransom. Larger organizations, especially those with revenues over $500 million and $5 billion, exhibited higher payment rates, potentially due to having standalone cyber insurance policies that cover ransom payments.
Wisniewski concluded by emphasizing the need to reduce both the time to detect and respond to ransomware attacks. He highlighted the effectiveness of human-led threat hunting and the importance of investigating alerts promptly to evict criminals from systems within hours or days. Wisniewski also stressed the importance of maintaining round-the-clock vigilance to mount an effective defense.
Sophos recommends the following best practices to defend against ransomware and other cyberattacks:
- Strengthen defensive shields with robust security tools, including endpoint protection with anti-exploit capabilities, Zero Trust Network Access (ZTNA), and adaptive technologies that respond automatically to attacks.
- Implement 24/7 threat detection, investigation, and response through in-house capabilities or specialist Managed Detection and Response (MDR) providers.
- Optimize attack preparation by regularly backing up data, practicing data recovery from backups, and maintaining an up-to-date incident response plan.
- Maintain good security hygiene, including timely patching and regular review of security tool configurations.
The “State of Ransomware 2023” report gathered data from a vendor-agnostic survey of 3,000 cybersecurity and IT leaders between January and March 2023. Respondents were from organizations in 14 countries across the Americas, EMEA, and Asia Pacific and Japan. The surveyed organizations had 100 to 5,000 employees, with revenue ranging from less than US$10 million to over US$5 billion.
17 May 2023