Ransomware continues to plague businesses around the globe. Sophos’ 2021 State of Ransomware Survey finds 37% of respondent organizations were hit by ransomware in the last year alone. Several headline-making attacks in recent months, in which victim organizations paid the ransom for access to their data, raised eyebrows and sparked conversations on whether or not paying is ever a good idea.

“We know that probably the number who actually pay is underreported,” said Chester Wisniewski, principal research scientist at Sophos. “Our rapid response team says in more than half of the cases they are involved in, victims are paying.”

The Sophos research also finds that of those impacted, 54% say the cybercriminals succeeded in encrypting their data – but 39% stopped the attack before their data could be encrypted.

Those that fared better are simply more prepared, said Wisniewski. These organizations are at the ready, with external partners in place to assist in response if attack indicators are detected. The key element here is time – and being able to detect a breach can mean the difference between massive loss and halting an attack in progress.

“Those early indicators give you time,” said Wisniewski. “Bringing in experts to help respond makes it much more likely to have a better outcome. I relate it to natural disasters. If something takes down all of your computers, what is your plan to keep operating?”

Focus on Detect and Respond

The survey also finds having trained IT staff who can stop attacks is the most common reason some organizations are confident they won’t be hit by ransomware in the future.

“Defense teams are actually getting better at this,” said Wisniewski. “In past years, less than a quarter of organizations could actually stop the attack. Now we are almost at half. That’s really encouraging.”

Investing in anti-ransomware tooling can also build confidence.
More than half (52%) of organizations said they felt more secure having invested in a modern anti-ransomware toolset. Trained staff and a modern tool set can help security teams move beyond prevention and into proactive detection.

“In a modern strategy, no more than 50% should be focused on prevention,” said Wisniewski. “No amount of prevention is going to stop an adversary from getting in. Teams need to be more focused on detection and response.”

Other key findings include the following:

- 96% of respondents whose data was encrypted got their data back in the most significant ransomware attack
- The average ransom paid by mid-sized organizations was $170,404
- The average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc., was $1.85 million
- Extortion-style attacks where data was not encrypted but the victim was still held to ransom have more than doubled since last year, up from 3% to 7%

For a copy of the survey, click here.

Learn more at Sophos.com