As ransomware attacks continued to grow in number and severity throughout 2021, there are some faint signs that organizations are getting better at preparing for and responding to them, a trio of new reports suggests.
One of the reports, from ThycoticCentrify, is based on responses from 300 US-based IT decision-makers. Sixty-four percent experienced a ransomware attack in the last 12 months, according to respondents, and 83% of the victims say they had no choice but to pay ransom to their attackers to restore encrypted data.
Another report, from the US Treasury Department's financial crimes enforcement network (FinCEN), noted a sharp increase in the number of ransomware-related suspicious activity reports (SARs) from US financial institutions between January and June 2021. Over the six-month period, financial institutions submitted 635 SARs, compared with 458 similar reports in all of 2020. The total value of transactions, such as those involving bitcoin payments, in these SARs amounted to $590 million in the first six months of 2021 alone — some $174 million more than the $416 million reported for the 2020 calendar year.
The Treasury Department's data showed the number of incident reports that financial firms filed in the first six months of 2021 accounted for some 29% of the 2,184 ransomware-related SARs filed over the past 10 years. FinCEN analyzed 177 unique virtual currency wallet addresses that the operators of the 10 most reported ransomware variants used for payments. The analysis shows a staggering $5.2 billion in outgoing virtual currency transactions potentially tied to ransomware payments.
The third report, from cyber-insurance firm Corvus, shows the cost of ransom payments is rising as a share of the overall cost of a ransomware attack. After dropping during the first six months of 2021, average ransom amounts more than doubled to $290,000 in the third quarter. That pushes the average ransom for 2021 so far, to $142,637. The costs of hiring vendors and other third parties to assist in recovery and forensics efforts also jumped as a percentage of overall ransomware costs — from 30% last year to 52% in 2021.
Glimmer of Improvement
At the same time — and somewhat contrary to data in the other reports — Corvus itself says it has observed a steady decline, since the third quarter of 2020, in the percentage of ransomware victims that paid to restore access to data. The insurance firm says the frequency of ransomware claims in 2021 has been slightly higher than in 2020, yet ransomware claims that resulted in ransom payment shrank from 44% in the third quarter of 2020 to just 12% in the third quarter of 2021. Corvus says the likely reason for the trend is improved preparedness and resiliency among customers of its cyber-insurance policies.
"We attribute the improvement in ratio of ransoms demanded to those paid, to policyholders better protecting their backups from attack," says Lauren Winchester, vice president of risk and response at Corvus Insurance. "There is a positive trend toward greater cyber resiliency as organizations take proactive steps to mitigate the threat of ransomware."
ThycoticCentrify says its research shows 94% of all respondents have an incident response plan in place for a ransomware attack — either because they had already experienced one or are preparing for one. The most common preparedness measures included those for backing up critical data, regularly updating systems and software, enforcing password best practices, and implementing application-level security controls.
"It is likely that the growing risk from ransomware attacks has spurred organizations to make sure they have a response plan in place," says Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify. "Organizations are on the right track to prevent the worst damages from ransomware attacks by practicing basic cybersecurity hygiene such as regular backups, timely patching, and password protection."
Companies are also increasing their security budgets to mitigate the risk of ransomware attacks on their business, Carson says. Seventy-two percent of respondents in the ThycoticCentrify survey have seen their cybersecurity budgets increase over the past 12 months because of ransomware threats, and 93% have set aside a special budget just for ransomware threats.