Max ransomware attacks were against retail and education, finds Sophos study

03rd August 2021
Max ransomware attacks were against  retail and education, finds Sophos study

August 3 2021:UK-headquartered  worldwide leader in next-generation cybersecurity, Sophos recently released  a report -- “Sophos State of Ransomware in Education 2021” --  which looks at the extent and impact of ransomware attacks on educational institutions worldwide during 2020.
The survey polled 5,400 IT decision makers, including 499 education IT managers, in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.
Key findings:
- Education, together with retail, faced the highest level of ransomware attacks during 2020, with 44% of organizations hit (compared to 37% across all industry sectors).
- For educational institutions, the financial impact of a ransomware attack in 2020 was crippling. The total bill for rectifying a ransomware attack in the education sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was, on average, US$2.73 million – the highest across all sectors surveyed, and 48% above the global average.
- Over half (58%) of the education organizations hit by ransomware said the attackers had succeeded in encrypting their data.
- Over a third (35%) of those with encrypted data gave in to the attackers’ demands and paid the ransom. Only the energy, oil/gas and utilities (43%), and local government (42%) sectors were more likely to pay.
-The average ransom payment was US$112,435 (lower than the global average of US$170,404). However, those who paid recovered on average only around two-thirds (68%) of their data, leaving almost a third inaccessible; and just 11% got all their encrypted data back
-Of those institutions that were not hit with ransomware last year (55% of respondents), the majority (61%) expect to be targeted in the future. The main reasons given for this are that cyberattacks are now so sophisticated (46%) and prevalent (42%) that they are almost impossible to stop
“Sophos State of Ransomware in Education 2021” paper  here.
Additional resources
Tactics, techniques and procedures (TTPs), and more, for different types of ransomware can be found on SophosLab Uncut, the home of Sophos’ latest threat intelligence
Information on attacker behaviors, incident reports and advice for security operations professionals can be found on Sophos News SecOps
Understand adversary behaviors and TTPs in the wild in Sophos’ Active Adversary Report 2021
Learn more about the global prevalence and impact of ransomware in the State of Ransomware 2021
To help stop ransomware attacks, read the five early indicators an attacker is present