South African firms are paying ransomware crooks: Sophos
A striking number of mid-sized companies in South Africa that have been hit by ransomware attacks are paying the attackers, despite inherent risks in doing so, new research from security firm Sophos has found.
Sophos, in its newly released State of Ransomware 2022 report, discovered that 51% of South African organisations surveyed were hit by ransomware in 2021 — though not all of them had data encrypted by the attackers. Almost half (49%) of those that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups, the survey results show.
The report surveyed the impact of ransomware on 5 600 mid-sized organisations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.
“The survey shows that, globally, the proportion of victims paying the ransom continues to increase, even when they may have other options available,” said Chester Wisniewski, principal research scientist at Sophos, in a statement on Monday. “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site.
“In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. But it’s also an option fraught with risk.”
According to Wisniewski, organisations often don’t know what the attackers have done, such as adding backdoors to their systems or copying passwords, which could put them at risk of further attacks.
Sophos’s State of Ransomware 2022 survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2022. All respondents were from mid-sized organisations with between 100 and 5 000 employees.