However, in the face of – and perhaps due to – this success, adversaries are changing their tactics. Likely influenced by their ability to use backups, central government is one of the sectors least likely to pay the ransom to get their data back, with just 26% admitting to submitting to the attackers’ demands. They also are better able than many other sectors to restore data using backups (61% vs. average of 37%), they were able to stop just over half (51%) of them before the data was encrypted. While central government and NDPB experienced an above-average level of attacks last year (40% vs. Central government – facing a new attack approachĬentral government is better able to defend against ransomware than local government, but now faces extortion-style attacks. This is a little below the cross-sector average of US$1.85 million, likely because local government organizations often have smaller budgets, limiting the amount of money available to be spent on remediation. Recovering from ransomware costs local government organizations on average US$1.64 million per attack when you add together downtime, people time, device cost, network cost, lost opportunity, ransom paid, and so on. Only the infrastructure sector (43%) had a higher rate of payment. Perhaps as a result of this inability to use backups, local government has the second highest propensity to pay the ransom, with 42% of organizations whose data was encrypted choosing to pay up to get their data back. Once the data is encrypted, local government is also the sector least able to restore data using backups, with only 42% of getting their data back in this way. 69% of local government organizations that were hit by ransomware had their data encrypted, compared with a cross-sector average of 54%. Local government is the sector least able to stop the attackers from encrypting their data. The survey revealed that local government is trapped in a vicious ransomware cycle from which is appears unable to escape. Local government – trapped in a vicious cycle
The report explores how ransomware impacts government organizations, and their ability to defend against these attacks. It also reveals that local government and central government have very different experiences of ransomware, and different challenges to address.
Discover the realities behind the headlines with the new Sophos report The State of Ransomware in Government 2021.īased on an independent survey of 117 IT managers in central government and non-departmental public bodies (NDPB), and 131 IT managers in local government organizations around the globe, it provides fresh insights into the realities of ransomware from the front line. Ransomware has fast become a national emergency with government organizations regularly falling victim to attack.