59% of local organisations expect to be hit by ransomware

by TMR / Pic by  BLOOMBERG

FIFTY nine percent of Malaysian firms are expected to be hit by ransomware attacks in the near future, with an equal percentage also believe this is due to the attacks that are increasingly hard to stop due to their sophistication.

According to Sophos’ global survey, “The State of Ransomware 2021”, 58% of them say ransomware is already so prevalent it is inevitable they will get hit and 41% of them say they are already experiencing an increase in attempted ransomware attacks.

However, the number of local firms experienced ransomware attacks halved from around 60% respondents surveyed in 2020 to 30% in 2021, and fewer organisations suffered data encryption as the result of a significant attack (49% in 2021 compared to 81% in 2020).

The silver lining is, the cost of recovery from a ransomware attack also decreased in Malaysia from US$1.06 million (RM4.37 million) in 2020 to US$744,00 in 2021.

This is in stark contrast to the global average which saw the average total cost of recovery from a ransomware attack more than double in a year, increasing from US$761,106 in 2020 to US$1.85 million in 2021.

“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organisations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Chester Wisniewski, Sophos’ principal research scientist.

“This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with Dear Cry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible,” he added.

The cyber security firm noted that ransomware remains highly prevalent moving forward, it’s better for firms to be prepared rather than the other way round.

Among its recommendations include storing back-ups and keep a copy offline. Back-ups are the main method organisations surveyed used to recover their data after an attack.

“Use layered protection to block attackers at as many points as possible across an estate,” it said.

Sophos added that the key to stopping ransomware is defence in depth that combines dedicated anti-ransomware technology and human-led threat hunting.

“Technology provides the scale and automation an organisation needs, while human experts are best able to detect the tell-tale tactics, techniques and procedures that indicate an attacker is attempting to get into the environment,” it said.

Independent of any ethical considerations, paying the ransom is an ineffective way to get data back.

Lastly, it is recommended for an organisation to have a malware recovery plan. — TMR