"Ransomware Encryption Rates Reach New Heights"

According to security researchers at Sophos, the share of ransomware victims whose data was encrypted by their extorters grew to 76% over the past year.  In a new study, the researchers conducted interviews with 3000 cybersecurity/IT leaders carried out in the first quarter of 2023.  Responding organizations were located in 14 countries and had between 100 and 5000 employees, with revenue ranging from less than $10m to more than $5bn.  The researchers noted that the encryption rate in 2022 is the highest since tracking began in 2020 when it was 73%.  The researchers claimed this is evidence of an "ever-increasing skill level of adversaries who continue to innovate and refine their approaches." The researchers noted that only the IT, technology, and telecoms sector managed to buck the trend, with an encryption rate of just 47%.  In just under a third (30%) of cases where data was encrypted, it was also stolen in double extortion attacks.  However, only in 3% of cases were victims held to ransom without data being encrypted.  The researchers stated that interestingly, those who choose to pay their extorters double recovery costs: from an average of $375,000 for those who use backups to $750,000.  They also run the risk of extending recovery times: 45% of organizations using backups recovered within a week versus 39% of those that paid the ransom.  Around half (46%) of victims that had data encrypted elected to pay a ransom, rising to over half for higher-wealth businesses more likely to have standalone cyber-insurance policies.

Infosecurity reports: "Ransomware Encryption Rates Reach New Heights"