Ransomware transforms, accelerates into 2021

Johannesburg, 25 Mar 2021
Sophos Press Office
Read time 2min 30sec
Ajay Nawani, Head of Sales Engineering, MEA, Sophos.
Ajay Nawani, Head of Sales Engineering, MEA, Sophos.

Ransomware attacks are becoming more prolific, innovative and far-reaching, and no organisation is immune. This is according to Ajay Nawani, director, Engineering, Sophos speaking ahead of a ransomware webinar to be hosted by Sophos in South Africa this month.

Nawani notes the Sophos 2021 Threat Report finds ransomware threat actors continue to innovate both their technology and their criminal modus operandi at an accelerating pace, more ransomware groups now engage in data theft so they may threaten targets with extortion over the release of sensitive private data, the ransoms being demanded have risen precipitously, threat actors are increasingly collaborating and acting like cyber crime cartels, and ransomware attacks that previously took weeks or days now may only require hours to complete.

Even diligent backups are not enough to protect organisations against ransomware impact, Nawani says. “In a number of high-profile ransom attacks where the IT managers had maintained an unaffected backup of critical data, the attackers also stole sensitive data and threatened to release it to the world if the targets failed to pay a bounty. Ransom, and this secondary extortion market, are proving so lucrative that we can expect ransomware to keep growing.

“Our global State of Ransomware 2020 report found that almost three-quarters of ransomware attacks result in the data being encrypted, and that 94% of organisations whose data was encrypted got it back. However, more than twice as many got it back via backups (56%) than by paying the ransom (26%),” says Nawani. “Our research also found that most successful ransomware attacks include data in the public cloud, with 59% of attacks where the data was encrypted involving data in the public cloud. It is clear that cyber criminals are attacking organisations of all sizes, in every sector, and targeting data wherever it is stored.”

The Sophos State of Ransomware report revealed that only 24% of organisations in South Africa said they had been targeted in ransomware attacks in 2019, down from 54% in 2017. This might be attributed to South Africa’s lower GDP and the fact that attackers are targeting the most lucrative targets. “But nobody is immune,” Nawani warns.

The average cost of ransomware remediation in South Africa in 2019 was $266 817 – among the lowest in the world. “But South African businesses can ill afford these costs, along with the losses in business continuity and brand reputation,” Nawani says.

Sophos will host a webinar on Firewall Best Practices to Block Ransomware on Tuesday, 30 March, to outline how ransomware attacks work, how they can be stopped, and best practices for firewall and network configuration. To register for this free event, click here.

See also