Kathy Gibson reports – The prevalence of ransomware is starting to dip: the number of organisations around the world hit by ransomware dropped from 59% in 2023 to 66% in 2022.

In addition, enterprises have reported that the number of computers effected by ransomware has halved over the reporting period.

These are among the findings from Sophos’s fifth State Of Ransomware Report 2024, which polled 5 000 respondents in 14 countries.

Despite the, ransomware actors are getting more aggressive, going after backups as well as operations systems, says John Shier, field chief technology officer at Sophos. “And when the backups were compromised, ransom demands were not only higher, but companies were more likely to pay up.”

Double extortion is still prevalent, with 33% of the ransomware attacks resulting in data being stolen as well as being ransomed.

When compromised organisations are able to recover their data, this is mostly as a result of backups, with just over half of attacked companies paying the ransom

The study found that the median ransomware demand was $2-million. Recovering from a ransomware attack cost companies about $3-million – which is $1-million more than the year before.

South Africa is more affected by ransomware than other countries, with a prevalence of 69%, compared to the global average of 59%. However, local attacks are still down from 2022, when prevalence was 79%.

“There’s no reason to celebrate the dip,” Shier says. “Yes, a dip is good – but it’s not necessarily a material dip. Almost three quarters of organisations are being hit, and this is too high. We need to get that number down to sustainable levels.”

Local compromises are still mostly a result of emails.

“In 35% of South African compromises, data was stolen, so the country is very much on global trend.”

In 98% of South African attacks, the ransomware actors tried to compromise the backups as well, and in 44% of those cases, they were successful.”

Ransomware demands on local companies were just shy of $1-million, and those that were paid averaged about $1-million, Shier says. Twenty-nine percent of them were $250 000 or more.

The fact that demands on South African companies were lower than the global average argues that the threat actors are very much in tune with local conditions.

“They have been at this for long time,” Shier says. “September 2023 was the 10th anniversary of modern ransomware, and they has honed their skills.

“Pricing pressure and sensitivity is part of that, and we see it in the data.”

Peter Nel, regional sales director: SADC at Sophos, says organisations should be concerned about the fact that the entry point for ransomware is mainly through email.

“This means it can be via any employee – and it comes down to the people being the weakest link.”