Ransomware hits 65% of organisations in Singapore: Sophos
By Digital News Asia June 1, 2022
- Almost half of organisations paid ransom to have data returned
- Average ransom paid increased more than sixfold from 2020 to 2021
Sophos has released its annual survey and review of real-world ransomware experiences in its State of Ransomware 2022 report.
In a statement, the cybersecurity firm said the report showed that 65% of Singaporean organisations surveyed were hit with ransomware in 2021, up from 25% in 2020.
It added that the average ransom paid by organisations in Singapore that had data encrypted in their most significant ransomware attack increased by more than sixfold from US$187,500 (RM822,300) in 2020 to US$1.16 million (RM5 million) in 2021.
Additionally, 48% of the organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups, Sophos said.
The report summarises the impact of ransomware on 5,600 mid-sized organisations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, with 965 sharing details of ransomware payments.
This included 150 organisations in Singapore, of whom 30 shared details of ransomware payments, Sophos said.
Chester Wisniewski, principal research scientist at Sophos, said that alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available.
“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site,” he said.
In the aftermath of a ransomware attack, there is often intense pressure to get back up and running as soon as possible, he said, adding that restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option.
The main findings of the State of Ransomware 2022 survey for Singapore, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:
- More organisations are falling victim: In 2021, 65% of Singapore organisations were hit by ransomware attacks, more than twice the number from the previous year (25%). The report stated that 64% of attacks resulted in data being encrypted, a considerable increase from the 49% that was reported by respondents in Singapore in 2020. Of these organisations in 2021, 48% paid the ransom and got their data back, it added;
- The impact of a ransomware attack can be immense: According to the report, the average cost to recover from the most recent ransomware attack in 2021 for organisations in Singapore was US$1.9 million (RM8.3 million). This, it highlighted, is a considerable decrease from the US$3.46 million (RM15 million) reported in 2020. It added that on average, it took one month to recover from the damage and disruption, with 87% of organisations saying the attack had impacted their ability to operate, whilst 83% of victims said they had lost business and/or revenue because of the attack;
- Many organisations rely on cyber insurance to help them recover from a ransomware attack: The survey indicated that 86% of mid-sized organisations had cyber insurance that covers them in the event of a ransomware attack and in almost all incidents, the insurer paid some or all of the costs incurred; and
- Organisations are fighting back: The survey also stated that all Singaporean respondents said their organisations have made changes to their cyber defenses over the last year to improve their insurance position. Four in five said they have implemented new technologies/services whilst 60% have increased staff training and education activities. Additionally, 53% said they have changed their processes and behaviors.
Wisniewski said the findings suggest companies may have reached a peak in the evolutionary journey of ransomware where attackers’ greed for ever higher ransom payments is colliding head-on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure.
“In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service.”
“Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands.”
“However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky-high ransoms,” he said, adding that this is unlikely to reduce the overall risk of a ransomware attack.