Skip to main content

Ransomware attacks can leave your organization permanently changed

(Image credit: Shutterstock)

Falling victim to a ransomware attack could have even longer lasting effects than previously thought according to a new survey from Sophos which reveals that organizations are never the same after being hit by ransomware.

To compile its "Cybersecurity: The Human Challenge" survey, the cybersecurity firm interviewed 5,000 IT decision makers from organizations with 100 to 5,000 employees from 26 countries including the UK, US, Canada, Australia, China, Japan and more.

Sophos found that the confidence of IT managers and their approach to battling cyberattacks differed significantly depending on whether or not their organizations had suffered a ransomware attack in the past. 

Of those surveyed, IT managers at organizations hit by ransomware are nearly three times as likely to feel “significantly behind” when it comes to understanding cyber threats compared to their peers in organizations that have not fallen victim to a ransomware attack yet.

Lasting effects of a ransomware attack

When it came to security, Sophos' survey found that ransomware victims spend proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven't suffered an attack (49% and 22% respectively). 

The firm's principal research scientist Chester Wisniewski believes that the difference in response priorities could show that ransomware victims may have more overall incidents to deal with or that they could be more aware to the complex, multi-stage nature of advanced attacks.

SophosLabs Uncut recently published an article, titled “Inside a New Ryuk Ransomware Attack”, in which it deconstructed a recent Ryuk ransomware attack. The company's incident responders found that the attackers used updated versions of legitimate tools in order to compromise a targeted network and deploy ransomware. However, unlike in previous cases, the attack progressed at great speed with an employee opening a malicious attachment in a phishing email and the attackers conducting network reconnaissance within three and half a hours. Within 24 hours though, the attackers already had access to a domain controller and were preparing to launch Ryuk on the organization's systems.

Wisniewski provided further insight on the burden ransomware attacks and other advanced cyber threats place on IT security teams in a press release, saying:

“Our investigation of the recent Ryuk ransomware attack highlights what defenders are up against.  IT security teams need to be on full alert 24 hours a day, seven days a week and have a full grasp of the latest threat intelligence on attacker tools and behaviors. The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyberthreat awareness. However, their ransomware experiences also appear to have given them a greater appreciation of the importance of skilled cybersecurity professionals, as well as a sense of urgency about introducing human-led threat hunting to better understand and identify the latest attacker behavior,”