Today, ransomware attacks have gone from using highly customised software to a system where it's become the malevolent equivalent of software-as-a-service - ransomware-as-a-service (RaaS). These attacks are high volume, low ransom events where the developers sell their malicious packages (or take a cut of the ransom) to less sophisticated cybercriminals. These cybercrooks then take a shotgun approach, in the hope that a percentage will stick and the victim will be forced to pay a fee to have their data decrypted.
With this in mind it is no wonder that 59% of Malaysian organisations not hit by ransomware last year expect to be hit in the future, according to the Sophos State of Ransomware 2021 report.
Furthermore, 59% of these respondents say it is because ransomware attacks are increasingly hard to stop due to their sophistication; 58% of them say ransomware is already so prevalent it is inevitable they will get hit; and 41% of them say they're already experiencing an increase in attempted ransomware attacks against them.
It is not all bad news though for Malaysian organisations, with 30% of organisations experiencing a ransomware attack in 2021 compared to 60% in 2020. This bucks the global trend where, on average, countries saw an increase in ransomware attacks. In other good news, the cost of recovery from a ransomware attack also decreased in Malaysia from US$1.06 million in 2020 to US$744,00 in 2021. This is also in sharp contrast to the global average that saw the average total cost of recovery from a ransomware attack more than double in a year.
Ransomware - the costs of paying up
Globally, 73% of attacks succeeded in encrypting data, however 94% of companies suffering an infection managed to get their data back - 26% got their data back by paying a ransom, while just over half recovered their operations via backups. Somewhat mysteriously, 12% globally retrieved their data through other means.
"The best way to stop a cyberattack from turning into a full breach is to prepare in advance. Organisations that fall victim to an attack often realize they could have avoided significant financial loss and disruption, if they had an incident response plan in place," said Wong Joon Hoong, Country Manager, Sophos Malaysia.
Wong explained that even if an organisation pays up, they're still going to have to do a lot of work to restore the data. Thus, what they're dealing with is the cost of being held hostage, as well as the money required to get everything back to a state of normality.
"The fact is that the costs required to recover data and get things up and running again are likely to be the same whether they get data from backups or from the cybercriminals involved. Pay the ransom, and organisations will have another big cost on top," continues Wong.
Using Sophos Managed Threat Response (MTR) to deal with ransomware
Preparation is the best defence and it is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks. Reports from Sophos also showed that 24% of organisations that invest in anti-ransomware technology were able to stop the attack with the technology they had in place before it could have an effect.
Fortunately, if organisations are attacked, they don't have to face this challenge alone. Support is available in the form of external security operations centers, human-led threat hunting and incident response services.
Sophos Managed Threat Response (MTR) is a fully managed 24x7 threat hunting, detection, and response service delivered by an expert team of threat hunters. This round-the-clock service can rapidly identify and neutralise sophisticated and complex cyber threats that could otherwise go undetected. The service fuses machine learning with human analysis for an evolved approach to proactive security protection - helping smaller IT teams to stay ahead of the attacks because no company regardless of size is immune to cyber-attacks.
"RaaS is the new normal, but with the right defences and a cybersecurity plan in place, companies can keep their business intact - and avoid the costs and disruption of a ransomware attack. This is especially crucial for local companies as the growing connectivity and the accelerating pace of digital transformation will expose Malaysia to increasingly more malicious cyber activities.
"Sophos MTR fuses our industry-leading endpoint protection and intelligent EDR, with a world-class team of cybersecurity experts. It can help solve many cybersecurity pain points, including concerns over talent scarcity, limited security budgets, and evolving cyberthreat," concluded Wong.
Sophos MTR has flexible and scalable pricing- it's a simple per-user and per-server pricing with no hidden extras. Business owners can choose to scale as they grow, giving them full control of their budget. For more information, please visit http://bit.ly/Sophos_MTR.