Utilities Hit Hard by Ransomware as Cybersecurity Recovery Costs Rise to $3Million

• Cybersecurity recovery costs post a staggering increase in recovery costs for the Energy and Water sectors.
• The report also reveals that nearly 49 per cent of ransomware attacks on these sectors began with an exploited vulnerability
• The Energy and Water sectors also reported a high rate of ransomware attacks

The water and energy sector have been the worst hit with the rise in cybercrime recovery costs according to a new report by Cybersecurity firm Sophos.

The survey titled “The State of Ransomware in Critical Infrastructure 2024,” shows a staggering increase in recovery costs for the Energy and Water sectors.

Experts from Sophos say that the median recovery costs for these critical infrastructure sectors have quadrupled to $3 million (Sh390 million) over the past year, significantly higher than the global cross-sector median.

The report also reveals that nearly 49 per cent of ransomware attacks on these sectors began with an exploited vulnerability.

According to Sophos global Field Chief Technology Officer Chester Wisniewski, criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly.

“This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption,” said Wisniewski.

The finding show that Public utilities face heightened vulnerability due to older technologies configured for remote management without modern security controls like encryption and multifactor authentication.

Further many of these utilities operate with minimal staffing, lacking the IT resources needed for timely patching and monitoring.

 “Criminals target sectors where disruption causes the most pain, hoping for ransom payments to restore services quickly. Utilities, due to their essential functions, are prime targets for these attacks,” added Wisniewski.

In addition to soaring recovery costs, the median ransom payment for these sectors rose to over $2.5 million (Sh325 million) in 2024, which is $500,000 (Sh64,97 million) higher than the global cross-sector median.

Read Also: Finance, government to drive $6.2Bn cyber security spending jump in 2024

Cybersecurity Recovery Costs

The Energy and Water sectors also reported a high rate of ransomware attacks, with 67 per cent of organisations affected in 2024, compared to the global average of 59 per cent.

Other key findings from the report include longer recovery times, with only 20 per cent of organisations hit by ransomware recovering within a week in 2024, down from 41 per cent in 2023.

More than 55 per cent took over a month to recover, compared to 36 per cent in 2023, and across all sectors, 35 per cent took over a month to recover.

These sectors reported the highest rate of backup compromise (79 per cent) and the third-highest rate of successful encryption (80 per cent) compared to other industries surveyed.

An increasing number of organisations (61 per cent) paid the ransom as part of their recovery, yet recovery times extended.

The experts say that high ransom rates and amounts encourage more attacks and do not result in shorter recovery times.

“Utilities must monitor their exposure to remote access and network device vulnerabilities and ensure 24/7 monitoring and response capabilities. Incident response plans should be regularly rehearsed, similar to emergency plans for fires or natural disasters,” added Wisniewski.

The report is based on data from 275 respondents working in energy, oil and gas, and utilities organisations, part of a broader survey of 5,000 cybersecurity and IT leaders across 14 countries and 15 industry sectors conducted between January and February 2024.

Sophos says that Ransomware attacks remain a major threat to energy, oil/gas and utilities organisations of all sizes around the globe.

While the attack rate globally has dropped, energy, oil/gas and utilities experienced the same frequency of attacks as last year.

Additionally, the impact of an attack on energy, oil/gas and utilities organisations that fall victim has increased, with the sector reporting one of the highest rates of data encryption and the recovery time from ransomware attacks increasing. As adversaries continue to iterate and evolve their attacks, it’s essential that defenders and their cyber defenses keep pace

The nature and availability of official support when dealing with ransomware attacks vary on a country-by-country basis, as do the tools to report a cyberattack.

US victims can leverage the Cybersecurity and Infrastructure Security Agency (CISA); those in the UK can get advice from the National Cyber Security Centre (NCSC); and Australian organisations can call on the Australian Cyber Security Center (ACSC), to name but a few.

Read Also: 2024 Sophos Threat Report: Data and Credential Theft on The Rise Targeting SMBs