There were significant variations in the industries targeted by ransomware

Barracuda Networks, a trusted partner and leading provider of cloud-first security solutions, published its 2023 Ransomware Insights report, which shows that 73 per cent of organisations surveyed globally and in Asia-Pacific (APAC), reported being hit with at least one successful ransomware attack in 2022 — and 38 per cent say they were hit twice or more.

Commissioned by Barracuda, and conducted by independent research firm Vanson Bourne, the survey questioned IT professionals from frontline to the most senior roles at companies with 100 to 2,500 employees, across a range of industries in APAC and EMEA countries, and the U.S.

Results show that businesses which were hit multiple times were more likely to say they’d paid the ransom — 42 per cent of those hit three times or more paid the ransom to restore encrypted data, compared to 31 per cent of victims of a single attack. They were also less likely to use a data backup system to help them recover.

Ransomware continues to be a major issue for businesses across Asia-Pacific owing to the region’s increasingly fast pace of digital disruption and connectivity.

According to the study, there were significant variations in the industries targeted by ransomware. For example, 98 per cent of consumer services and 85 per cent of energy, oil/gas, and utility organisations experienced at least one ransomware attack. The energy, oil/gas, and utility industry was also the most likely, at 53 per cent, to report two or more successful ransomware incidents.

The findings show that for 69 per cent of organisations, the ransomware attack started with a malicious email, such as a phishing email designed to steal credentials that would allow the attackers to breach the network. Web applications and traffic are in second place and represent an area of growing risk as part of an ever-expanding threat surface.

Organisations with cyber insurance were more likely to be affected by ransomware — 77 per cent of organisations with cyber insurance were hit with at least one successful ransomware attack, compared to 65 per cent without cyber insurance.

The research also found that 27 per cent of the organisations surveyed feel they are not fully prepared to deal with a ransomware attack.

“The number of organisations affected by ransomware in 2022 in Asia-Pacific and other parts of the world reflects the widespread availability of low cost, accessible attack tools through ransomware-as-a-service offerings,” said Mark Lukie, Director of Solution Architects, Barracuda APAC.

“The relatively high proportion of repeat victims suggests that security gaps are not fully addressed after the first incident. The security industry has an essential role to play in helping organisations to defend themselves against ransomware, through deep, multilayered security technologies that include advanced email protection and backup as well as threat hunting and extended detection and response (XDR) capabilities to stop malicious activity in its tracks.”

Tags: BaracudaRansomware 2022