Less than 10% of enterprises that have paid criminals have managed to recover all data lost to ransomware attacks.

The percentage of Polish companies attacked by ransomware has fallen, with 13% experiencing it in the last year, according to a Sophos study. However, it is more difficult to remove the effects of an attack. It costs Polish companies on average PLN 1.49 million. Over the past year, total losses caused by ransomware have more than doubled. Survey confirms it’s not worth paying criminals – less than 1 in 10 companies that have done so have managed to recover all data.

Ransomware costs twice as much

Almost half (46%) of Polish medium and large companies as a result of a ransomware attack lost from 50 to even 254 thousand. gold. 31% incurred costs between PLN 2.5 million and PLN 5 million – related to business downtime, lost orders, operating costs, penalties related to inadequate data security, etc. During the last year, a total of The cost of ransomware remediation has more than doubled: from 761 thousand. up to $1.85 million. This is 10 times more than the average value of the ransom paid (170 thousand PLN). dollars).

Ransomware an ineffective way to recover data

The percentage of companies that have fallen victim to ransomware has dropped globally, from 51% in 2020 to 37% in 2021. Poland notes one of the lowest indicators – 13% companies against which an attack has been attempted, up from 28% in 2020. This may be due to Poland’s lower GDP, and thus less chance of criminals obtaining a valuable ransom. Conversely, more companies are paying to unlock data – 26% worldwide a year ago, 32% in 2021. However, only 8% of them managed to recover all their assets; one in three recovered less than half of the information.

– Visible decrease in the percentage of companies affected by ransomware probably means that criminals change their strategy. Instead of massive, automated attacks, use targeted, enterprise-specific attacks. The overall number of attacks is therefore lower, but it is more difficult to neutralize their effects, and the value of the damage caused is growing rapidly. Data recovery can take years, and there is no guarantee that it will be successful. Criminals’ use of low-quality or hastily created malicious code can make it difficult or even impossible to decrypt assets, even when a company pays the ransom – indicatesGrzegorz Nocoń, system engineer at Sophos.

Polish companies with better protection

Medium and large Polish companies are getting better at protecting themselves against cyber threats. 43% declares that it has detailed data recovery plan after the attack. Of the companies against which a ransomware attack has been attempted, as many as 77% have blocked it before the data has been encrypted. Only 15% of incidents were successful and criminals blocked access to information.

A ransomware attack is expected 6 out of 10 companies, who have not yet experienced it. More than half (54%) indicate that cyber attacks are now too advanced, to stop them. 39% anticipate an attack because others in their industry have already experienced it. One in three (27%) Polish companies assume they will not fall victim to ransomware. As many as 3 out of 4 indicate that IT professionals are appropriately trained to stop attacks and have effective security solutions. 63% has backups, that will restore business operations.

– Increasingly, ransomware attacks involve not only encrypting data, but also demanding a ransom for withholding stolen information. That’s why it’s important to have layered protection that stops criminals before they can even enter a company’s network. To reduce

the cost of neutralizing an attack, it’s a good idea to develop a business recovery plan and use a 3-2-1 approach – three sets of backups, on two different media, one of which is stored offline. However, if the company falls victim to an attack, it does not have to face the criminals alone. There are third-party expert center services on the market that offer expert support and 24/7 response – says Grzegorz Nocoń.

About the study

Testing State of Ransomware 2021 was conducted by independent research agency Vanson Bourne in January and February 2021. The study interviewed 5,400 IT decision makers in 30 countries: USA, Canada, Brazil, Chile, Colombia, Mexico, Austria, France, Germany, UK, Italy, Netherlands, Belgium, Spain, Sweden, Switzerland, Poland, Czech Republic, Turkey, Israel, UAE, Saudi Arabia, India, Nigeria, South Africa, Australia, Japan, Singapore, Malaysia and the Philippines. Respondents came from companies employing between 100 and 5 thousand. employees.