Sophos study “State of Ransomware 2022” shows: The average ransom paid in Germany has almost doubled.
According to the Sophos study, the number of companies affected by ransomware in Germany has increased by 20 percent compared to 2020. The average ransom paid by German companies almost doubled to 253,160 euros. The share of companies that paid a ransom sum of 1 million US dollars has increased from zero to 9 percent. 42 percent of those whose data was encrypted paid the ransom to get their data back – even if they had other means of data recovery, for example through backups.
Victims mostly pay the extortion money demanded
“The survey shows that the proportion of victims willing to pay continues to rise, even when they have other options available to them,” said Chester Wisniewski, principal research scientist at Sophos. “There could be several reasons for this, such as incomplete backups or preventing the publication of stolen data on a public-leaks site.” After a ransomware attack, there is often a lot of pressure to get back up and running as quickly as possible, he said. Restoring encrypted data using backups can be a difficult and time-consuming process. Therefore, it is seemingly tempting to pay a ransom for data decryption because it appears to be a quick option.
Wisniewski: “However, this approach is associated with high risks. Companies do not know what the attackers may have done in the network besides the ransomware attack, for example, installing backdoors for future attacks or copying passwords. If companies don’t thoroughly clean up the recovered data, they could end up with potentially malicious programmes still on their network in the worst case and potentially be exposed to another attack.”
Total costs significantly exceed the ransom
For German companies, the average cost of recovery from a ransomware attack in 2021 was 1,601,615 euros. It took an average of one month to recover from the damage and the business interruption. 92 per cent of German companies said the attack had affected their ability to operate, and 84 per cent of victims had lost business and revenue.
In Germany, four out of five of the companies surveyed had cyber insurance. In almost all cases, the insurer paid some or all of the costs incurred, but the entire ransom demand was covered for only 41 per cent. In the wake of increased attacks, insurers seem to be finding it increasingly difficult to provide cyber insurance. This shows mainly in higher requirements for cyber security measures, more complex or expensive policies and fewer companies offering insurance coverage.