
Ransomware Attacks Evade Strong Cyber Defenses While Phishing Remains an Easy Initial Entry Point Despite Employee Training

Cloudian released a report showing that ransomware attacks were difficult to prevent even when the victims were well prepared.

The 2021 Ransomware Victims Report showed that nearly half of all organizations victimized by ransomware had perimeter defenses at the time of the attack. Additionally, the report found that phishing remains a popular initial access method for penetrating secure corporate networks.

While most organizations chose to pay the ransom, the total cost of an attack still exceeded the ransom payment, and cyber insurance coverage proved inadequate. Consequently, Cloudian advised organizations to implement systems capable of recovering quickly after a successful attack without yielding to extortion demands.

The survey polled 200 IT decision-makers working for organizations that experienced a ransomware attack between 2019 and 2021.

Ransomware attacks circumvent strong perimeter defense

Most organizations breached had various measures in place to defend against ransomware attacks, according to the Cloudian report.

More than half of the victims (53%) had encryption for data at rest, while 44% had encryption for data in transit. Nearly half (49%) of the victims had perimeter defenses such as endpoint security protections, including antivirus software, while 43% had implemented internal controls.

Apart from being difficult to prevent, ransomware attacks succeeded very quickly. More than half (56%) of the respondents said the attackers took control of their data within 12 hours, while 30% said the threat actors gained control within 24 hours. For more than three-quarters (76%) of the organizations that reported phishing as the initial entry point, the attackers gained control in less than 12 hours.

Cloud storage was also less safe than nearly half of the respondents perceived it to be. The report found that the public cloud was the most common entry point, responsible for 31% of the ransomware attacks experienced since 2019.

Phishing remained a popular route for ransomware attacks

Phishing remained the easiest path for ransomware, according to the Cloudian report. Most phishing attacks succeeded despite employees being trained to avoid them. More than half (54%) of the organizations breached had conducted anti-phishing training for employees before they experienced a ransomware attack.

Overall, nearly a quarter (24%) of all organizations indicated that the ransomware attack started through a phishing campaign. Nearly two-thirds (65%) of these victims reported phishing as the initial access method despite having conducted employee training.

Ransom payment carries additional costs and does not guarantee data recovery

The Cloudian ransomware report found that more than half (55%) of the organizations chose to pay the ransom after an attack. The average ransom payment was $223,000, while 14% of the respondents that chose to pay spent $500,000 or more.

Organizations that paid the ransom spent an average of $183,000 in additional costs on top of the direct ransom payment. Even after spending a combined $406,000 on the ransom and additional costs, only 57% of those organizations fully recovered their data.

Apart from the direct financial cost, 44% of the victims said the ransomware attack significantly impacted multiple operational areas, including finances, operations, employees, customers, and reputation.

Ransomware cyber insurance coverage is inadequate

Most insured ransomware victims learned the hard way that cyber insurance coverage was inadequate.

The Cloudian report showed that cyber insurance only covered about 60% of the ransom payment and additional costs for almost 80% of the victims. Cyber insurance also did not cover other effects of a ransomware attack such as the subsequent reputational damage.

Additionally, a ransomware incident led to a 25% increase in insurance premiums for 88% of the victims interviewed.

Focus more on recovery, Cloudian advises organizations

The report authors noted that ransomware attacks affect most aspects of organizations, and there was no guarantee of recovering data even after paying the ransom.

“In addition, the financial costs of recovering from ransomware are significant, even with cyber insurance, and there’s no guarantee of getting all your data back,” they said. “Moreover, the negative impact on an organization’s reputation and customers can be hard to reverse.”

They advised organizations to assume that ransomware attacks will succeed and to focus on recovering data without paying the ransom.

“The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it,” said Jon Toor, chief marketing officer at Cloudian. “Cyberattacks can penetrate even the most robust defenses, so it’s critical that organizations prioritize being able to recover quickly from an attack.”

The researchers recommended keeping immutable copies of data, which cannot be altered or deleted for a specified retention period, so that attackers cannot encrypt them. Doing so would allow victims to recover their data after an attack without paying a ransom, breaking the cycle of ransom payments that encourages further attacks.