APT36, the hackers group linked to Pakistan, has enhanced ElizaRAT with advanced evasion techniques and new payloads.
How prepared are we against ransomware? Perceptions and realities of a growing threat
Ransomware is one of the biggest cyber threats organisations face today. These attacks, which hijack data in exchange for a ransom, not only jeopardise business operations but also result in significant financial and reputational losses.
T
o gain a better understanding of perceptions and realities surrounding ransomware, we conducted a survey on our social media, the results of which reveal insightful data and beliefs. Additionally, we will explore other key issues to broaden our perspective.
Ransomware impact: paying doesn’t guarantee data recovery
44% of the participants in our survey correctly identified that 40% of victims who pay the ransom do not recover their data. This (alarmingly high) figure highlights a critical point: paying the ransom not only fuels the cycle of cybercrime but also provides a false hope of recovery.
Moreover, the average cost of a ransomware attack amounts to approximately $100,000, a figure that includes not only the ransom but also operational disruptions, lost revenue, and recovery expenses. Compared to the investments needed in prevention, such as training and security systems, the difference is staggering and underscores the importance of a proactive strategy.
What percentage of ransomware victims pay the ransom, but do not get their data back?
*Right answer
Most vulnerable sectors: who are the primary targets?
While all organisations are vulnerable to ransomware, certain sectors are particularly attractive targets for cybercriminals. According to studies, the financial sector is the most targeted, due to access to sensitive data and monetary transactions. However, other critical sectors include:
- Healthcare: Hospitals and medical centres are vulnerable due to the volume of sensitive data they handle.
- Education: With limited technological resources and large amounts of personal data.
- Retail: Their interconnected systems and customer databases make them highly appealing targets.
These sectors must prioritise their cyber defences, as the consequences of an attack can be devastating for both operations and the individuals affected.
Recovery time: months or even years
The survey also revealed that 40% of participants believe organisations take months to recover, which roughly aligns with official data. Another 40% think it can take over a year. These responses reflect a harsh reality: recovering from a ransomware attack is neither quick nor easy.
Recovery time depends on various factors, such as prior preparation, backup systems, and the severity of the attack. For sectors like finance or healthcare, where downtime has critical consequences, every lost day can translate into enormous costs.
How long do you think it takes organizations to recover from a ransomware attack?
*Right answer
Attack vectors: phishing remains the primary threat
Phishing remains the leading entry point for ransomware attacks, surpassing software vulnerabilities or insider threats.
In our survey, 38% of respondents believe that 10% of employees click on phishing links, although research indicates that many workers do not admit to falling for the trap, so this percentage may vary widely. Employee education and awareness are key to reducing this risk. Phishing simulations, along with the implementation of advanced filters, can make a significant difference.
What percentage of employees report clicking on a phishing link?
*Right answer
The importance of a disaster recovery plan
A positive aspect is that most participants recognised the importance of having a recovery plan. However, there was some confusion regarding the actual impact of these plans. 77% of respondents overestimated the benefits, believing that companies could recover five times faster with a plan, when studies suggest that the benefits are significant but more moderate. A good recovery plan can accelerate the recovery process by about three times, compared to the absence of a robust protocol.
An effective plan includes:
- Regular backups: Tested and stored offline.
- Incident simulations: To measure the response capability of teams.
- Collaboration with external experts: To minimise errors during recovery.
How much faster do companies recover from ransomware attacks if they have a disaster recovery plan?
*Right answer
Ransomware, a challenge that requires comprehensive preparation
Our survey, along with the additional data analysed, reveals a concerning yet not insurmountable picture. The key lies in adopting a comprehensive approach that includes:
- Ongoing training: Educating employees on how to identify and respond to phishing attempts.
- Technical prevention: Implementing robust security systems, such as firewalls and anti-phishing software.
- Tested recovery plans: Ensuring a quick and effective response in the event of an attack.
The fight against ransomware is far from over. Organisations must adopt a proactive stance, strengthening their defences and preparing to respond effectively to an attack.
Contact our cybersecurity experts now