• United States



What’s Your Plan if Ransomware Hits?

BrandPost By Joan Goodchild
Jun 29, 20213 mins

malware notebook data picture id1282840319
Credit: style-photography

Ransomware continues to plague businesses around the globe. Sophos’ 2021 State of Ransomware Surveyfinds 37% of respondent organizations were hit by ransomware in the last year alone. Several headline-making attacks in recent months, in which victim organizations paid the ransom for access to their data, raised eyebrows and sparked conversations on whether or not paying is ever a good idea.

“We know that probably the number who actually pay is underreported,” said Chester Wisniewski, principal research scientist at Sophos.  “Our rapid response team says in more than half of the cases they are involved in, victims are paying.”

The Sophos research also finds that of those impacted, 54% say the cybercriminals succeeded in encrypting their data – but 39% stopped the attack before their data could be encrypted.

Those that fared better are simply more prepared, said Wisniewski. These organizations are at the ready, with external partners in place to assist in response if attack indicators are detected. The key element here is time – and being able to detect a breach can mean the difference between massive loss and halting an attack in progress.

“Those early indicators give you time,” said Wisniewski. “Bringing in experts to help respond makes it much more likely to have a better outcome. I relate it to natural disasters. If something takes down all of your computers, what is your plan to keep operating?”

Focus on Detect and Respond

The survey also finds having trained IT staff who can stop attacks is the most common reason some organizations are confident they won’t be hit by ransomware in the future.

“Defense teams are actually getting better at this,” said Wisniewski. “In past years, less than a quarter of organizations could actually stop the attack. Now we are almost at half. That’s really encouraging.”

Investing in anti-ransomware tooling can also build confidence. More than half (52%) of organizations said they felt more secure having invested in a modern anti-ransomware toolset. Trained staff and a modern tool set can help security teams move beyond prevention and into proactive detection.

“In a modern strategy, no more than 50% should be focused on prevention,” said Wisniewski. “No amount of prevention is going to stop an adversary from getting in.

Teams need to be more focused on detection and response.”

Other key findings include the following:

  • 96% of respondents whose data was encrypted got their data back in the most significant ransomware attack
  • The average ransom paid by mid-sized organizations was $170,404
  • The average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc., was $1.85 million
  • Extortion-style attacks where data was not encrypted but the victim was still held to ransom have more than doubled since last year, up from 3% to 7%

For a copy of the survey, click here.

Learn more at