OXFORD, U.K. — Sophos, a global leader of innovative security solutions that defeat cyberattacks, today released additional findings from its annual “State of Ransomware 2024” survey. According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government bodies for help with the attack.
In addition, more than half (59%) of those organizations that did engage with law enforcement found the process easy or somewhat easy. Only 10% of those surveyed said the process was very difficult.
Based on the survey, impacted organizations reached out to law enforcement and/or official government bodies for a range of assistance with ransomware attacks. Sixty-one percent reported they had received advice on dealing with ransomware, while 60% received help investigating the attack. Fifty-eight percent of those that had their data encrypted received help from law enforcement to recover their data from the ransomware attack.
“Companies have traditionally shied away from engaging with law enforcement for fear of their attack becoming public. If they are known to have been victimized it could impact their business reputation and make a bad situation worse. Victim shaming has long been a consequence of an attack, but we’ve made progress on that front, both within the security community and at the government level. New regulations on cyber incident reporting, for example, appear to have normalized engaging with law enforcement, and this survey data shows organizations are taking steps in the right direction,” said Chester Wisniewski, director, field CTO, Sophos. “If the public and the private sectors can continue to galvanize as a group effort to help businesses, we can continue to improve our ability to recover quickly and gather intelligence to protect others or even potentially hold those conducting these attacks responsible.”
Recent in-the-field findings from Sophos X-Ops’ Active Adversary report highlighted the continued threat of ransomware to small-and-medium sized businesses. Data from more than 150 incident response (IR) cases in 2023 found that ransomware was, for the fourth year running, the most frequently encountered attack type, occurring in 70% of IR cases Sophos X-Ops investigated.
“While improving cooperation and working with law enforcement after an attack are all good developments, we need to move from simply treating the symptoms of ransomware to preventing those attacks in the first place. Our most recent Active Adversary report showed that many organizations are still failing to implement key security measures that can demonstrably reduce their overall risk profile; this includes patching their devices in a timely manner and enabling multi-factor authentication. From the law enforcement side, while they have had some recent successes with takedowns and arrests from LockBit to Qakbot, these successes have proven to be more akin to temporary disruptions than longer term or permanent wins.
“Criminals are successful in part due to the scale and efficiency with which they operate. To beat them back, we need to match them in both these areas. That means that, going forward, we need even greater collaboration, both within the private and public sector—and we need it at a global level,” said Wisniewski.
“Today’s threat environment is constantly evolving—and it’s more severe and more complex than ever before. The bad guys aren’t constrained by international borders, so we shouldn’t be, either.
“At the Bureau, we’ve been doubling down in particular on our work with the private sector, in their capacity as victims of cyberattacks, of course, because the mission of the FBI always has been — and always will be — victim-centric — but also as integral partners, who can share valuable information about threats and trends, and, increasingly, join in our operations themselves,” said Christopher Wray, FBI director.
Data for the State of Ransomware 2024 report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.
Read the full State of Ransomware 2024 report on sophos.com for additional global findings and data by sector.
Learn More About Ransomware
- The latest techniques, tactics and procedures (TTPs) of cyber attackers in the Active Adversary Report for 1H 2024.
- How often companies’ backups are compromised during ransomware attacks.
- The role of unpatched vulnerabilities in ransomware attacks.
- The rise of remote encryption among ransomware groups.
- Ransomware attackers targeting managed service providers (MSPs) in the 2024 Sophos Threat Report: Cybercrime on Main Street.
- The evolving ransomware business model in ‘Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch.
- Sophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs.
About Sophos
Sophos is a global leader and innovator of advanced security solutions that defeat cyberattacks, including managed detection and response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at sophos.com.