Singapore worst-hit with ransomware

The rate of ransomware attacks on Singaporean organisations increased considerably in 2022 with 84% of organisations surveyed saying they were a victim of ransom from 65% the year before, according to Sophos.

The State of Ransomware 2023 report shows that, this increase meant that Singapore reported the highest rate of ransomware attacks of all countries surveyed this year.

The report is based on a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023. Respondents were based in 14 countries across the Americas; Europe, Middle East and Africa, and Asia-Pacific and Japan.

Results show that in 61% of attacks on surveyed organisations, adversaries succeeded in encrypting data with 53% of those who had data encrypted paying the ransom to get their data back. This is up from 48% last year and higher than the global average of 47%.

Globally, the survey also shows that when organisations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs (US$750,000 in recovery costs versus $375,000 for organisation that used backups to get data back). 

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

“Rates of encryption are very high, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well,” said Wisniewski. “Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation.”

When analysing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 43% of cases), followed by compromised credentials (involved in 26% of cases). 

In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace.

The education sector reported the highest level of ransomware attacks, with 79% of higher education organisations surveyed and 80% of lower education organisations surveyed reporting that they were victims of ransomware.

Overall, 46% of organisations surveyed that had their data encrypted paid the ransom. However, larger organisations were far more likely to pay. 

In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments.