Local businesses in South Africa are falling victim to repeated ransomware attacks, according to a new survey from global network and endpoint security provider, Sophos.
The findings of its survey, The State of Endpoint Security Today shows the extent to which businesses are at risk of repeated ransomware attacks and are vulnerable to exploits. The survey polled more than 2,700 IT decision makers from mid-sized businesses in 10 countries worldwide, including the US, Canada, Mexico, France, Germany, UK, Australia, Japan, India, and South Africa.
Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
According to the survey, more than than half of responding organisations said they were hit by ransomware in 2017 and on average they were struck twice.
According to those impacted by ransomware last year, the median total cost of a ransomware attack was $133,000 (R1.6 million). This extends beyond any ransom demanded and includes downtime, manpower, device cost, network cost, and lost opportunities. Five percent of those surveyed reported $1.3 million to $6.6 million as total cost.
For South Africa, the median total cost of a ransomware attack was around R1.7 million including ransom, downtime, manpower, device cost, network cost, and lost opportunities, with 48% incurring costs below this level and 52% incurring costs above this level.
“Ransomware is not a lightning strike – it can happen again and again to the same organisation. We’re aware of cybercriminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack,” said Dan Schiappa, senior vice president and general manager of products at Sophos.
“If IT managers are unable to thoroughly clean ransomware and other threats from their systems after attacks, they could be vulnerable to reinfection. No one can afford to be complacent. Cybercriminals are deploying multiple attack methods to succeed, whether using a mix of ransomware in a single campaign, taking advantage of a remote access opportunity, infecting a server, or disabling security software.”
IT professionals also need to be aware of how exploits are used to gain access to a company’s system for data breaches, distributed-denial-of-service attacks, and cryptomining. Sophos’ survey revealed considerable misunderstanding around technologies to stop exploits with 69% unable to correctly identify the definition of anti-exploit software.
With this confusion, it’s not surprising that 54% do not have anti-exploit technology in place at all, Sophos said. “This also suggests that a significant proportion of organisations have a misplaced belief that they are protected from this common attack technique yet are actually at significant risk.”
“The lack of awareness and lack of protection against exploits is alarming. We’ve seen a resurgence in cybercriminals looking for vulnerabilities to actively use in countless attack campaigns. Five or six years ago we saw one per year, and last year as many as five new Office exploits have been used for cybercriminal activity, according to SophosLabs,” said Schiappa.
“When cybercriminals are deliberately seeking out both known and zero-day vulnerabilities and an organisation has a deficit in defenses, it adds up to a bad security situation.”