Huge toll of ransomware attacks revealed in Sophos report

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service.

They’re always easy to communicate with – just email the address on the screen. And while it’s true they don’t offer many payment options, the one they do, Bitcoin, is fast and reliable to transact in.

Best of all, according to The State of Ransomware 2020 global study conducted earlier this year on behalf of Sophos, organisations that decide to pay to get their data back, do so in an efficient 94% of cases.

What’s the catch? Only greater expense in the long run, major business disruption, the possibility of ongoing regulatory oversight for years, and the small matter of public humiliation and lost business should an attack come to light (which increasingly it does thanks to the attackers).

The research questioned 5,000 IT managers from 26 countries (500 from the US and 200 from the UK) in a range of sectors and company sizes from 100 to 5,000 employees.

That’s a healthy sample size, whose results underline one of the most interesting facts about ransomware that can get lost in the headlines – it now affects anyone, anywhere.

It doesn’t seem to matter how big an organisation is, nor which sector or country you look at. Ransomware is ubiquitous, with half of organisations in the research having experienced an attack during 2019, three quarters of which had their data encrypted.

Ironically, this is despite organisations tightening security to reduce trivial attacks.

How did ransomware respond? By spending more time targeting companies by researching less obvious weaknesses, looking to exploit several at the same time.