Published 18 May 2020

Sophos has published its State of Ransomware 2020 report based on a survey of 5,000 IT managers in 26 countries. One surprising finding regards the average cost of recovering from a ransomware attack, which includes the cost of any ransom paid, downtime, resources used, missed business opportunities and so on.

For businesses choosing to pay the ransom, this cost was $1,448,458 on average, but this dropped to almost half ($732,520) for those that refused to pay.

This is surprising, because many organisations choose to pay the ransom to make the problem go away as quickly as possible, even though rewarding cybercriminals serves to encourage them and others to commit more ransomware attacks. The survey questions this logic by showing that it can be cheaper not to pay, which also discourages further cybercrime in the process.

A good backup strategy seems to be the key to recovering from a ransomware attack. Of those surveyed that had been hit by an attack, more than half (56%) recovered their data from backups and therefore had no need to pay the ransom. In contrast, only 26% got their data back by stumping up the ransom. In these cases, cybersecurity insurance generally paid the ransom when the organisation had adequate cover for it. A further 1% of respondents paid the ransom but still did not get their data back, demonstrating that even conceding to a ransomware demand is no guarantee of a good outcome.

What’s more, in 59% of cases, the respondents mentioned that some data in the public cloud was also affected, indicating that cybercriminals are commandeering data wherever they can locate it. This highlights the importance of extending a backup strategy to include any cloud-based data, such as the databases, documents, and emails that may be stored in a Microsoft 365 account.

WatchGuard Technologies’ Chief Technology Officer, Corey Nachreiner, explained to SC Media UK the limited options organisations have if they don’t keep adequate backups, saying:

“You can try to rebuild what was lost from scratch, look for other areas where you may have kept copies and follow security sites and companies that sometimes crack or unveil ransomware decryptors, although there is no guarantee this will happen. Other than that, if you have really lost the data you may never get it back, unless you pay (although that is not always guaranteed either), which is why preparing for ransomware ahead of time is absolutely crucial.”

A good backup strategy is essential to recovering quickly from ransomware attacks and other forms of cyberattack, as well as other events that can compromise data, such as hardware failures and natural disasters. At Pro-Networks, we take our backup and recovery services very seriously, and we offer a range of onsite and offsite solutions. We can also provide IT continuity services for when you really need to keep your operations running, even in the face of a catastrophic event.

