While all cybercrime is unwanted, nothing will make your heart sink as fast as a message on your computer stating your files have been encrypted and you’ll have to pay a ransom to unlock them.

But just how popular is ransomware in 2020 following high-profile, cautionary cases over the last two years? Have cybersecurity experts wised up to the tricks or have attackers shifted their focus elsewhere?

In a bid to answer those questions and more, Sophos conducted a survey of 5 000 IT managers to see what their experiences with ransomware were.

The data is a small sample, but it gives us a nice snapshot of ransomware and its place in the current cybersecurity landscape.

So what does that landscape look like?

Ransomware is down but…

Sophos reports that compared to 2017, respondents who have experienced ransomware are down by three percentage points in 2020.

Of the 1 700 respondents surveyed in 2017, 54 percent said that they had been hit by ransomware. In 2020, of the 5 000 respondents, 51 percent said they had been hit by ransomware.

This is less a case of attackers giving up on the attack vector and more them picking targets more carefully.

“In 2020, the trend is for server-based attacks. These are highly-targeted, sophisticated attacks that take more effort to deploy – hence the reduction in the number of attacks. However, they are typically far more deadly due to the higher value of assets encrypted and can cripple organizations with multi-million dollar ransom requests,” wrote Sophos.

This becomes more evident when Sophos looks at country data.

Of 300 respondents in India, 82 percent said they had been hit by ransomware. Sophos says that this is because cyber hygiene is generally poor in the region and makes for easy pickings.

Looking toward the bottom of the scale, South Africa, Poland and the Philippines experienced the fewest ransomware attacks – 24 percent, 28 percent and 30 percent respectively.

The cybersecurity firm says that this shows that attackers are targeting victims with more nuance than before.

“The Philippines, Poland, and South Africa report the lowest levels of cyberattacks. As we discussed earlier, cybercriminals have moved from ‘spray and pray’ desktop ransomware attacks to more targeted server-based attacks that affect fewer organizations but with higher ransom demands. They geo-target their attacks to go after the most lucrative opportunities. The three countries at the bottom of the attack scale also have lower GDP than many of the other countries higher up the list which may be why they receive less focus from the cybercriminals,” says Sophos.

The cost of coughing up

While South Africa may not be a prime target that doesn’t mean we are immune to ransomware.

The average cost of remediating an attack according to local respondents clocks in at $266 817.18 (~R4 990 035). While this is below the global average of $761 106 (~R14 234 262.20), it’s still a sizeable amount of money.

Interestingly, paying the ransom often ends up costing a company more.

“This may sound counterintuitive: if you’ve paid the ransom, why does it cost more? Well even if you pay the ransom, you still need to do a lot of work to restore the data. In fact, the costs to recover the data and get things back to normal are likely to be the same whether you get the data back from the criminals or from your backups. But if you pay the ransom, you’ve got another big cost on top,” explains Sophos.

How big is that difference?

The average cost of remediation without paying a ransom comes in at $732 520 (~R13 699 644.66) and if you pay the ransom that average cost shoots up to $1 448 458 (~R27 089 171.50).

Naturally businesses want to avoid being hit by ransomware but Sophos advises that businesses start their protection by assuming they will be hit.

This gives owners the opportunity to build their cybersecurity strategy around the assumption that they will be hit, and lets them plan mitigation efforts more clearly.

Cyber insurance is also key to offsetting the cost of an attack.

Backups should be an obvious part of that strategy, and Sophos reports that 56 percent of respondents used backups to restore their data after it was encrypted. Offsite and offline backups should factor into your plan, and so should regular test restores: a backup that has never been restored is an assumption, not a control.
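As an added illustration of that last point (this is example code, not from the Sophos report), the script below records a SHA-256 manifest of a source tree at backup time and later checks a restored copy against it. The constructed scenario shows a clean restore passing and a tampered restore failing: one file's contents changed (what a ransomware-encrypted file looks like from the outside), one file missing, and an unexpected file dropped alongside. File names and the XOR "encryption" are constructed for the demo.

```python
"""Backup manifest and restore-verification check (added example).

Records a SHA-256 manifest when a backup is taken and verifies a restored
copy against it, so a backup that was silently corrupted or encrypted by
ransomware is caught before you depend on it. Keep the manifest offline and
separate from the backup, otherwise an attacker who can rewrite the backup
can rewrite the manifest too.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def _sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): _sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(restored: Path, manifest: dict[str, str]) -> list[str]:
    """Return a list of problems; an empty list means the restore is good.

    Flags files missing from the restore, files whose content changed, and
    files present that were never backed up (e.g. a dropped ransom note).
    """
    problems: list[str] = []
    current = build_manifest(restored)
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: verify a clean restore and a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_bytes(b"date,amount\n2020-01-01,100\n")
        (src / "readme.txt").write_bytes(b"quarterly figures\n")
        manifest = build_manifest(src)  # taken at backup time

        # Clean restore: byte-for-byte copy of every backed-up file.
        good = Path(tmp) / "restore_good"
        for rel in manifest:
            dst = good / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            dst.write_bytes((src / rel).read_bytes())
        good_problems = verify_restore(good, manifest)

        # Tampered restore: ledger "encrypted" (simulated with XOR), readme
        # missing, ransom note added.
        bad = Path(tmp) / "restore_bad"
        (bad / "finance").mkdir(parents=True)
        ledger = (src / "finance" / "ledger.csv").read_bytes()
        (bad / "finance" / "ledger.csv").write_bytes(bytes(b ^ 0x5A for b in ledger))
        (bad / "README_TO_DECRYPT.txt").write_bytes(b"pay up\n")
        bad_problems = verify_restore(bad, manifest)

    return good_problems, bad_problems


if __name__ == "__main__":
    good, bad = demo()
    print("clean restore problems:", good)
    print("tampered restore problems:", bad)
```

In practice the manifest would be written once per backup run and stored with the offline copy (or signed and kept elsewhere), and `verify_restore` would be run against a scheduled test restore rather than only after an incident.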

There is no silver bullet for ransomware, but planning to mitigate the potential damage is advice worth heeding.

The full State of Ransomware 2020 report from Sophos is available online.