
The State of Ransomware 2020

Fight Against the Rise of Ransomware 2020 with Netpluz
Webinar 25 September 2020


  1. The State of Ransomware 2020
  2. 5,000 Respondents Across 26 Countries
     Country | # Respondents | Country | # Respondents | Country | # Respondents
     Australia | 200 | India | 300 | Singapore | 200
     Belgium | 100 | Italy | 200 | South Africa | 200
     Brazil | 200 | Japan | 200 | Spain | 200
     Canada | 200 | Malaysia | 100 | Sweden | 100
     China | 200 | Mexico | 200 | Turkey | 100
     Colombia | 200 | Netherlands | 200 | UAE | 100
     Czech Republic | 100 | Nigeria | 100 | UK | 300
     France | 300 | Philippines | 100 | U.S. | 500
     Germany | 300 | Poland | 100 | |
  3. Respondents from Organizations between 100 and 5,000 Users: 50% 1,001 – 5,000 employees; 50% 100 – 1,000 employees
  4. Respondents from Multiple Sectors
     Sector | # respondents | % respondents
     IT, technology and telecoms | 979 | 20%
     Retail, distribution and transport | 666 | 13%
     Manufacturing and production | 648 | 13%
     Financial services | 547 | 11%
     Public sector | 498 | 10%
     Business and professional services | 480 | 10%
     Construction and property | 272 | 5%
     Energy, oil/gas and utilities | 204 | 4%
     Media, leisure and entertainment | 164 | 3%
     Other | 542 | 11%
  5. The Prevalence of Ransomware
  6. 1 in 2 Organizations Hit By Ransomware Last Year. 2017: 54%; 2020: 51%. In the last year, has your organization been hit by ransomware? Base 5,000 (2020), 1,700 (2017).
  7. Size Doesn’t Matter. 100-1,000 employees: 47%; 1,001-5,000 employees: 54%. In the last year, has your organization been hit by ransomware? Base 5,000
  8. Attack Levels Vary Across the Globe. [Bar chart by country: % organizations hit by ransomware in the last year. Global average 51%.] In the last year, has your organization been hit by ransomware? Base 5,000
  9. Public Sector Suffers Fewest Ransomware Attacks. % respondents hit by ransomware in the last year (global average 51%):
     Media, leisure, entertainment | 60%
     IT, technology, telecoms | 56%
     Energy, oil/gas, utilities | 55%
     Other | 54%
     Business and professional services | 50%
     Construction and property | 49%
     Retail, distribution and transport | 49%
     Financial services | 48%
     Manufacturing and production | 46%
     Public sector | 45%
     In the last year, has your organization been hit by ransomware? Base 5,000
  10. The Impact of Ransomware
  11. Criminals Succeed in Encrypting Data in 3 Out of 4 Attacks. Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? 73%: Cybercriminals succeeded in encrypting data. 24%: Attack stopped before the data could be encrypted. 3%: Data not encrypted but victim still held to ransom.
  12. Attacks Most Likely to Succeed in Japan. [Bar chart by country: percentage of organizations that stopped the attack before the data was encrypted. Global average 24%.] Percentage of respondents that answered ‘No, the attack was stopped before the data could be encrypted’ to: Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Base 2,538.
  13. Data In the Public Cloud Is a Mainstream Target. On premises/private cloud data: 41%. Data in the public cloud: 35%. Data in the public cloud and on premises/private cloud: 24%. Includes data in the public cloud: 59%. Did the cybercriminals succeed in encrypting your organization’s data in the most significant ransomware attack? Data only represents respondents whose organization’s data had been encrypted in the most recent ransomware attack. Base 1,849
  14. One in Four Victims Paid the Ransom to Get Their Data Back. 26%: Pay the ransom. Did your organization get the data back in the most significant ransomware attack? Question only seen by respondents whose organization had a ransomware attack where data was encrypted. Base 1,849
  15. India and Sweden Most Likely to Pay the Ransom. [Bar chart by country: percentage of organizations that paid the ransom to get their data back. Global average 26%.] Percentage of respondents that answered “Yes, we paid the ransom” to: Did your organization get the data back in the most significant ransomware attack? Question only seen by respondents whose organization had a ransomware attack where data was encrypted. Base 1,849.
  16. Almost Everyone Gets Their Data Back. 73% of attacks result in data being encrypted. 94% of victims get their data back. 56% used backups to get the data back. Did your organization get the data back in the most significant ransomware attack? Base 1,849
  17. Ransomware Remediation Cost Varies By Size. 100-1,000 employees: US$505,827. 1,001-5,000 employees: US$981,140. Global average: US$761,106. What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.)? Question only seen by respondents whose organization had been hit by ransomware in the last year. Base 2,538
  18. Ransomware Costs Vary By Country. [Bar chart by country. Global average US$761,106.] What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.)? Question only seen by respondents whose organization had been hit by ransomware in the last year. Base 2,538
  19. Paying the Ransom Doubles the Cost. Didn’t pay the ransom: US$732,520. Paid the ransom: US$1,448,458. Did your organization get the data back in the most significant ransomware attack? Base 1,849. Paid the ransom combines responses "Yes, we paid the ransom" and "No, even though we paid the ransom". Didn’t pay the ransom combines responses "Yes, we used backups to restore the data", "Yes, we used other means to get our data back" and "No, we didn’t pay the ransom".
  20. The Role of Insurance
  21. 1 in 5 Have Patchy Cybersecurity Insurance. 84% have cybersecurity insurance. 64% have cybersecurity insurance that covers ransomware. 20%: Paying for cybersecurity insurance that DOESN’T cover ransomware. Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000
  22. Cybersecurity Insurance By Country. [Bar chart by country with two series: Has cybersecurity insurance; Has cybersecurity insurance that covers ransomware.] Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000
  23. Public Sector Is Most Exposed to Ransomware Costs. Percentage of organizations with insurance against ransomware (global average 64%):
     Financial services | 72%
     IT, technology, telecoms | 70%
     Business and professional services | 68%
     Media, leisure, entertainment | 66%
     Manufacturing and production | 63%
     Energy, oil/gas, utilities | 62%
     Construction and property | 62%
     Retail, distribution and transport | 62%
     Other | 61%
     Public sector | 51%
     Does your organization have cybersecurity insurance that covers it if it is hit by ransomware? Base 5,000
  24. Is Cybersecurity Insurance Fueling Ransom Payments? 73%: Ransomware attacks resulted in data being encrypted. 26%: Organizations whose data was encrypted paid the ransom. 94%: Organizations that paid said the cybersecurity insurance paid the ransom. The percentage of respondents that selected ‘Yes we paid the ransom’ and said the cybersecurity insurance paid the ransom.
  25. Ransomware Attack Techniques
  26. Attacks Use Multiple Tactics to Breach Your Defenses
     How the ransomware got into the organization | # | %
     Via a file download/email with malicious link | 741 | 29%
     Via remote attack on server | 543 | 21%
     Via email with malicious attachment | 401 | 16%
     Misconfigured public cloud instances | 233 | 9%
     Via our Remote Desktop Protocol (RDP) | 221 | 9%
     Via a supplier | 218 | 9%
     Via a USB/removable media device | 172 | 7%
     Other | 0 | 0%
     Don’t know | 9 | 0%
     Total | 2,538 | 100%
     How did the ransomware attack get into your organization? Question asked to respondents whose organization had been hit by ransomware in the last year. Base 2,538
  27. Recommendations
  28. To Sum Up…
     Ransomware remains a real risk: Assume you WILL be hit
     One in four victims stop the attack: Invest in anti-ransomware technology
     Data in the public cloud is at risk: Protect data wherever it’s held
     Backups work: Keep them offsite and offline
     Beware of patchy cyber insurance: Get covered for ransomware
     Attackers try and try again: Deploy a multi-layered defense
  29. File download/email with malicious link 29%; Remote attack on server 21%; Email with malicious attachment 16%; Misconfigured public cloud instances 9%; Remote Desktop Protocol 9%; Supplier 9%; USB/Removable media 7%
  30. Sophos MTR. Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service.
     Response Methods
     Notify: We notify you about the detection and provide detail to help you in prioritization and response
     Collaborate: We work with your internal team or external point(s) of contact to respond to the detection
     Entrust: We handle containment and neutralization actions and will inform you of the action(s) taken
     Threat Hunting
     Automated: Automatic response to “strong signals”
     Lead-Driven: Aggregation and investigation of “weak signals”
     Lead-Less: Methodology Hunting
     Expert-Led Threat Response
  31. Sophos + Netpluz
  32. Any questions?
  33. Insurance Coverage Varies
     Cost | # respondents | % respondents
     Paid clean-up costs only | 535 | 31%
     Paid the ransom only | 326 | 19%
     Paid the ransom and clean-up costs | 287 | 17%
     Paid clean-up and other costs | 209 | 12%
     Paid other costs only | 138 | 8%
     Paid the ransom, clean-up and other costs | 127 | 7%
     Paid the ransom and other costs | 23 | 1%
     No only | 84 | 5%
     Don't know only | 5 | 0%
     Total | 1734 | 100%
     Did the cybersecurity insurance pay out to address the costs associated with the most significant ransomware attack that your organization suffered? Base 1,734
  34. Secure The Public Cloud with Sophos: Cloud Storage & Databases; Cloud Virtual Machines; Containers & Serverless; Network Firewalling; Vulnerability Analysis; Identity Security; Workload Protection
