Organizations are Never the Same After Being Hit by Ransomware, According to Sophos Global Survey

Sophos Press Release

The Confidence of IT Managers and Approach to Battling Cyberattacks is Vastly Different Between Those Who’ve Been Impacted by Ransomware and Those who Have Not, Survey Shows

New Ryuk Ransomware Techniques Underscore How Fast Attackers Switch Gears

OXFORD, U.K. – Oct. 14, 2020 – Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, “Cybersecurity: The Human Challenge”, which reveals that organizations are never the same after being hit by ransomware. In particular, the confidence of IT managers and their approach to battling cyberattacks differ significantly depending on whether or not their organization has been attacked by ransomware.

For instance, IT managers at organizations hit by ransomware are nearly three times as likely to feel “significantly behind” when it comes to understanding cyberthreats, compared to their peers in organizations that were unaffected (17% versus 6%).

More than one third (35%) of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challengewhen it comes to cybersecurity, compared with just 19% of those who hadn’t been hit. 

When it comes to security focus, the survey found that ransomware victims spend proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven’t been hit (49% and 22% respectively), diverting resources towards dealing with incidents rather than stopping them in the first place.

“The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent,” said Chester Wisniewski, principal research scientist at Sophos.

The fact that ransomware attackers continue to evolve their tactics, techniques and procedures (TTPs) contributes to pressure on IT security teams, as evidenced by SophosLabs Uncut’s article, “Inside a New Ryuk Ransomware Attack”. The article deconstructs a recent attack involving Ryuk ransomware. Sophos incident responders found that the Ryuk attackers used updated versions of widely available and legitimate tools to compromise a targeted network and deploy ransomware. Unusually, the attack progressed at great speed – within three and a half hours of an employee opening a malicious phishing email attachment, the attackers were already actively conducting network reconnaissance. Within 24 hours, the attackers had access to a domain controller and were preparing to launch Ryuk.

“Our investigation of the recent Ryuk ransomware attack highlights what defenders are up against.  IT security teams need to be on full alert 24 hours a day, seven days a week and have a full grasp of the latest threat intelligence on attacker tools and behaviors. The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyberthreat awareness. However, their ransomware experiences also appear to have given them a greater appreciation of the importance of skilled cybersecurity professionals, as well as a sense of urgency about introducing human-led threat hunting to better understand and identify the latest attacker behavior,” said Wisniewski. “Whatever the reasons, it is clear that when it comes to security, an organization is never the same again after being hit by ransomware.”

The full report, “Inside a New Ryuk Ransomware Attack”, is available on SophosLabs Uncut, where Sophos researchers regularly publish their latest research and breakthrough findings, such as Maze leveraging Ragnar Locker. Threat researchers can follow SophosLabs Uncut in real time on Twitter at @SophosLabs.


About the Survey

The “Cybersecurity: The Human Challenge” survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2020. The survey interviewed 5,000 IT decision makers in 26 countries, in the US, Canada, Brazil, Colombia, Mexico, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Poland, the Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, Philippines and UAE. All respondents were from organizations with between 100 and 5,000 employees.

关于 Sophos

Sophos 是全球下一代网络安全领导者,保护 150 多个国家 500,000 多家企业和数以百万的消费者抵御当前最高级的网络威胁。在 SophosLabs 和 SophosAI 的威胁情报、AI 及机器学习的大力支持下,Sophos 提供多种先进产品和服务,保护用户、网络和端点防范勒索软件、恶意软件、漏洞攻击、网络钓鱼以及各种其他网络攻击。Sophos 提供单个集成云管理控制台 Sophos Central,作为自适应网络安全生态体系的核心,具有中央数据湖,为客户、合作伙伴、开发人员和其他网络安全供应商提供丰富的开放 API。Sophos 通过世界给的的经销商合作伙伴和托管服务提供商 (MSP) 销售产品和服务。Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.com