Summary: The 2024 Ransomware Risk Report by Semperis reveals that a significant number of companies are repeatedly paying ransoms to regain access to their systems, with many facing multiple attacks and disruptions. The report highlights the evolving nature of ransomware threats and the challenges organizations face in securing their IT identity systems.
Threat Actor: Ransomware Groups | ransomware groups
Victim: Companies across various industries | companies across various industries
Key Point :
- 32% of companies that suffered ransomware attacks paid ransoms four or more times in the past year.
- Nearly half of German companies surveyed reported making multiple ransom payments, compared to one-fifth of U.S. companies.
- More than a third of those who paid ransoms did not receive functional decryption keys.
- Approximately 75% of surveyed companies experienced multiple attacks, with 87% reporting some level of disruption.
- Over 80% of attacks compromised IT identity systems, yet 61% lacked dedicated backup systems for these identities.
- Ransomware threats have evolved into a coordinated effort among various groups, complicating negotiations for victims.
Nearly one-third of companies that suffered a ransomware attack paid a ransom four or more times in the past 12 months to regain access to their systems, according to the 2024 Ransomware Risk Report released Tuesday by Semperis, a cybersecurity software company.
This decision to pay multiple times involved 32% of attacked companies in France, Germany, the U.K. and U.S. across multiple industries, according to the survey of 900 IT and security executives.
Nearly half of the German companies queried paid four or more ransom payments, compared to one-fifth of companies in the U.S.
More than a third of companies that paid the extortion demand either did not receive the decryption keys from attackers or were given corrupted keys, according to the report.
Almost three-quarters of companies said they had endured multiple attacks, and 87% said the attacks had caused some level of disruption. Companies in the U.S. and U.K. were slightly more likely to have experienced a ransomware attack, with 85% in each country reporting such an attack within the past 12 months, Semperis said.
About 75% of those surveyed reported paying a ransom to regain control of their data; about 10% said they had paid more than $600,000.
“Ransomware, once a sporadic menace, has evolved into an unrelenting adversary,” the study, conducted in partnership with Censuswide, said. “Attacks are no longer isolated incidents; they occur incessantly.”
More than 80% of ransomware attacks compromised an organization’s IT identity system, such as Microsoft Active Directory or Entra ID, but 61% of respondents said they don’t have dedicated AD or Entra ID backup systems, according to the report.
Ransomware attacks have evolved from individual bands of actors to “the sum of activities by a loose confederation of groups,” said Chris Inglis, a Semperis adviser and former U.S. National Cyber Director. That means a company often must negotiate with, and pay, more than one attacker.
“Any company that thinks, ‘I’ll just pay my way out,’ is setting themselves up for a harder ride than they might have imagined,” he said.
Companies should assume “a constant breach” posture, according to Semperis, which is based in Hoboken, New Jersey.
Threat actors share information, purchase ready-made ransomware as a service kits, use regulatory fines as leverage and attack industries that were once considered off limits, the reports said.
Source: https://www.cybersecuritydive.com/news/ransomware-cyber-attack-security-payment/722856
Views: 0