Decrease in data encryption through ransomware attacks observed, according to a recent report

In a recent report, cybersecurity firm Sophos has highlighted some significant changes in the tactics used by ransomware attackers. Over the years, ransomware has remained a major threat to businesses, but the methods employed by cybercriminals have evolved.

One of the most striking changes, as per the Sophos report, is the decline in data encryption as part of a ransomware attack. This trend is particularly noticeable in large organizations, with 65% of attacks involving encryption, compared to last year's 70%.

The report also shows a decrease in the percentage of attacks beginning with credential compromises. Last year, 29% of attacks started this way, but this year, that figure has dropped to 23%. This suggests that organizations are becoming more adept at stopping attacks before the encrypted payload is deployed.

Sophos' findings indicate that ransomware actors most commonly access victims' systems by exploiting software vulnerabilities. Phishing emails are still the initial attack method for most ransomware attacks, but Allan Liska, a threat intelligence analyst and ransomware expert at Recorded Future, points to exploiting vulnerabilities as a different primary method.

Interestingly, smaller organizations (100-250 employees) are more likely to face extortion-only attacks, with 13% reporting such incidents, compared to 3% of larger organizations (3,001-5,000 employees). The number of extortion-only attacks has doubled this year, accounting for 6% of all ransomware attacks, according to the Sophos report.

The average ransom demand has dropped by 34% over the past year, and the average ransom payment has dropped by 50%. However, less than a third of respondents in the Sophos survey who paid a ransom said the amount matched the attackers' initial demand.

Ransomware attacks have lasting human consequences. 41% of IT and cybersecurity workers experienced more stress or anxiety about future attacks after responding to one. Organizations should consider the mental health impact on incident responders when planning for recovery from an attack, as noted by Allan Liska.

It's worth noting that different research firms may have different views into the attack surface. For instance, Liska's company, Recorded Future, found that leaked/stolen credentials are more commonly used as the initial attack vector, contrary to Sophos' findings.

In conclusion, the Sophos report provides valuable insights into the evolving tactics of ransomware attackers. As the threat landscape continues to shift, it's crucial for organizations to stay vigilant and adapt their defenses accordingly.

Decrease in data encryption through ransomware attacks observed, according to a recent report