49% of Ransomware Attacks Against These 2 Critical Infrastructure Sectors Started with an Exploited Vulnerability

OXFORD, U.K. — 七月 17, 2024 —

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released a sector survey report, “The State of Ransomware in Critical Infrastructure 2024,” which revealed that the median recovery costs for two critical infrastructure sectors, Energy and Water, quadrupled to $3 million over the past year. This is four times higher than the global cross-sector median. In addition, 49% of ransomware attacks against these two critical infrastructure sectors started with an exploited vulnerability.

Data for the State of Ransomware in Critical Infrastructure 2024 report comes from 275 respondents at energy, oil and gas, and utilities organizations, which fall under the Energy and Water sectors of CISA’s 16 defined critical infrastructure sectors. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.

“Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly. This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption,” said Chester Wisniewski, global Field CTO.

“Unfortunately, public utilities are not only attractive targets but vulnerable to attacks on many fronts, including the requirement for high availability and safety, as well as an engineering mindset focused on physical security. There’s a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multi-factor authentication. Like hospitals and schools these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities and the monitoring required for early detection and response.”

On top of growing recovery costs, the median ransom payment for organizations in these two sectors jumped to more than $2.5 million in 2024—$500,0000 higher than the global cross-sector median. The Energy and Water sectors also reported the second highest rate of ransomware attacks. Overall, 67% of the organizations in these sectors reported being hit by ransomware in 2024, in comparison to the global, cross-sector average of 59%.

Other findings from the report include:

  • The energy and water sectors reported increasingly longer recovery times. Only 20% of organizations hit by ransomware were able to recover within a week or less in 2024, compared to 41% in 2023 and 50% in 2022. Fifty-five percent took more than a month to recover, up from 36% in 2023. In comparison, across all sectors, only 35% of companies took more than a month to recover
  • These two critical infrastructure sectors reported the highest rate of backup compromise (79%) and the third highest rate of successful encryption (80%) when compared to the other industries surveyed

“This once again shows that paying ransom payments almost always works against our best interests. An increasing number (61%) paid the ransom as part of their recovery, yet the amount time it took to recover was extended. Not only do these high rates and amounts of ransoms encourage more attacks on the sector, but they are not achieving the claimed goal of shorter recovery times,” said Wisniewski.

“These utilities must recognize they are being targeted and take proactive action to monitor their exposure of remote access and network devices for vulnerabilities and ensure they have 24/7 monitoring and response capabilities to minimize outages and shorten recovery times. Incident response plans should be planned in advance, the same as for fires, floods, hurricanes and earthquakes, and be rehearsed on a regular schedule.”

Read the full State of Ransomware in Critical Infrastructure on Sophos.com.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。