• Home
  • /
  • Malware
  • /
  • Ransomware reality check: The threat is real – and costly

Ransomware reality check: The threat is real – and costly

Johannesburg, 06 Dec 2021
Andrew Williams, Cybersecurity Specialist, Mimecast.
Andrew Williams, Cybersecurity Specialist, Mimecast.

There’s a huge disconnect between South African – and international – business leaders’ confidence in their ability to withstand the surging global ransomware pandemic, and the reality of what actually happens when attacks occur.

That’s one of the findings to emerge from Mimecast’s recent global survey of 742 cyber security professionals, published in its appropriately named “State of Ransomware Readiness: Facing the Reality Gap” report.

The survey revealed a dramatic rise in ransomware attacks since the start of the COVID-19 pandemic, with 80% of the organisations surveyed having been targeted in an average of 3 000 attacks, or four per day over the past two years.

Of the survey’s South African respondents, 78% have been attacked in the past two years, with phishing e-mails with ransomware attachments the most prevalent attacks (55%), followed by phishing e-mails leading to a drive-by download (39%).

Commenting on the survey results, Andrew Williams, cyber security specialist at Mimecast South Africa, said the shift to remote work brought on by the COVID-19 pandemic, which resulted in numerous new devices to protect, had left organisations more vulnerable to ransomware attacks through insecure networks.

The cost of these attacks was substantial: The average ransom demanded from South African targets was over R3.2 million (around US$213 884), more than that demanded from their Australian (US$59 066) and German (US$197 727) counterparts. US and Canadian organisations were hit hardest, with ransom demands averaging around $6.3 million and $5.3 million respectively.

Williams noted that despite the fact that 78% of South African respondents claimed that they could get all their data back without paying the ransom, more than half (52%) nevertheless admitted to paying the ransom in full. This is somewhat higher than the global average, where 41% of respondents claimed not to have paid, 39% paid up, and 13% negotiated their payments down.

Given that only 47% of South African respondents reported having file backups that would allow them to avoid having to pay the ransom, or to mitigate the damage from an attack, it’s not really surprising that so many local companies capitulated and paid up.

Given this response, it’s disconcerting that more than two-thirds (67%) of the local participants were confident in their company’s preparedness for ransomware attacks, with 83% believing they could bring their company back to a state of normalcy within five days.

“However, it’s not just the South African respondents who experience this level of disconnection between the consequences of an attack and confidence in their ability to withstand it. Despite only 45% of global respondents having the file backups needed to mitigate an attack, 83% believed they could get all their data back without paying the ransom and 77% – slightly lower than their South African counterparts – believed everything could return to normal within days,” Williams says.

The survey found that successful ransomware attacks can have devastating consequences for organisations. Of all the companies globally that fell victim to a ransomware attack, 42% reported disruption to their organisations. Among South African respondents, the same proportion reported disruption. Globally, 36% faced significant downtime, 28% (SA: 35%) lost revenue; and 21% (SA: 32%) lost current customers or potential business.

In addition, the disruption hit the cyber security executives personally, with 39% (SA: 61%) expressing concern about the security of their jobs following a successful ransomware attack and two-thirds (SA: 56%) stating they would feel very or extremely responsible if a successful attack occurred. Just less than a quarter of global respondents (SA: 19%) saw changes to their C-Suite after a successful attack.

When asked why they felt responsible, 60% (SA: 58%) said it was their job to protect the company; and 48% (SA: 36%) said it would be because they underestimated the risk of a ransomware attack. 

Although 78% of global respondents (SA: 69%) have received incremental budget to help address the ransomware problem, 45% would like budget to fund more up-to-date data security systems. In addition, 46% of global executives (SA: 50%) want more frequent security awareness training for end-users, although 60% of organisations (SA: 53%) already train their employees to recognise e-mail threats that could lead to an attack.

“Large enterprises are most commonly the target of attacks. This is not only because of their ability to pay a big ransom, but also because of the potentially lucrative spin-off gains cyber attackers can exploit, such as selling the data they have obtained to other cyber criminals. However, small and medium-sized businesses, which can be successfully breached at a higher volume, are also vulnerable,” Williams says.

“The bottom line is that ransomware has a devastating impact on all businesses, governments, public services and everyday lives. The problem is complex and the risk is rising. Organisations must prepare for the reality of ransomware. This means doing everything possible to prevent attacks – with layered, best-of-breed security solutions and effective employee awareness training – but also equipping themselves to contain, respond and recover when an attack does get through.”