The number of companies suffering from ransomware attacks is constantly growing; however, it seems that many are now doing something about it and not just succumbing to the attackers' demands.
A Sophos report based on a survey of 5,000 IT and cybersecurity leaders in 14 countries in the Americas, EMEA and Asia-Pacific found that almost all (97%) of those affected by ransomware decided to contact police and government organizations for help.
More than half (59%) considered the process to be quite simple, and only 10% considered it very difficult.
Ransomware remains a threat
When interacting with authorities and the government, the report found that these organizations receive different types of help, including advice on how to deal with ransomware (61%) and investigative work (60%).
Additionally, 58% of those whose data was encrypted received help recovering it.
According to Chester Wisniewski, director and field CTO at Sophos, reporting an incident was a big problem because victims were often embarrassed. With better legislation and awareness, reporting an incident has become normalized, which has definitely helped improve the situation. “If the public and private sectors can continue to galvanize as a group effort to help businesses, we can continue to improve our ability to recover quickly and gather intelligence to protect others or even potentially hold those carrying out these attacks accountable,” he said.
While reporting the incident and getting help from the relevant authorities definitely helps, it has not stopped ransomware operators, Sophos said. Citing data from more than 150 incident response (IR) cases in 2023, the company said ransomware was the most frequent type of attack for four consecutive years. In 70% of IR cases investigated by Sophos X-Ops, ransomware was the culprit.
To better address the ransomware threat, companies must move “from simply treating the symptoms of ransomware to preventing those attacks in the first place,” Wisniewski concluded, noting that many organizations still fail to implement key security measures.