
Energy sector hit harder by ransomware attacks than other sectors

Cybersecurity firm Sophos said in a new report that ransomware attacks on oil and gas companies and utilities have not decreased over the past year, even as the overall number of such attacks has declined globally.

According to Sophos, the frequency of attacks on critical oil, gas and services infrastructure has not decreased as it has in other sectors, and the impact on companies that fall victim to ransomware attacks has increased.


The cybersecurity firm based its report, The State of Ransomware in Critical Infrastructure 2024, on the results of a survey commissioned by Sophos of 5,000 IT and cybersecurity leaders in 14 countries across the Americas, EMEA and Asia Pacific, which included 275 respondents from organizations across energy, oil and gas and utilities.

The study found that the oil, gas and utilities sector had one of the highest rates of data encryption, while recovery times from ransomware attacks increased.


The time it takes to recover from a ransomware attack continues to increase for energy, oil, gas, and utilities organizations, Sophos noted. Research from 2024 found that 20% of ransomware victims in energy, oil/gas, and utilities fully recovered within a week or less, down from 41% in 2023 and 50% in 2022.




Moreover, 55% of the energy, oil, gas and utilities sector now needs more than a month to recover lost profits, compared to 36% in 2023 and 19% in 2022.

“This slowdown may reflect the increased complexity and severity of attacks, which requires more recovery work. It may also indicate a growing lack of recovery preparedness,” Sophos said in the report.

Over the past year, 61% of energy companies have paid ransom to recover encrypted data, while only 51% have recovered encrypted data using backups — the lowest backup usage rate reported across all sectors. This is the first time that organizations in the energy, oil/gas, and utilities industries have reported a greater willingness to pay ransom than to use backups, Sophos noted.


Earlier this year, the North American Electric Reliability Corporation warned that the US power grid was more vulnerable to cyberattacks.

Author: Tsvetana Paraskova for Oilprice.com
