Ransomware attacks hit energy, oil and gas sectors particularly hard, report says

Ransomware attacks are hitting the energy and oil and gas sectors harder, costing utilities more time and money to recover data as victims become more willing to pay ransom demands, according to a new report from cybersecurity firm Sophos.

The report examines the impact of ransomware on critical infrastructure organizations and draws on more than 200 responses from a broader survey of 5,000 cybersecurity and IT leaders conducted in January and February. Sophos said the rate of ransomware attacks appears to be declining globally, but researchers found that recovery times for the energy, oil and gas, and utilities sectors have been steadily increasing through at least 2022.

“This slowdown may reflect the increased complexity and severity of attacks, which require more recovery work. It may also indicate a growing lack of preparedness for recovery,” the report notes.

The report found that more than half of ransomware attack victims in the energy, oil and gas, and utilities sectors took more than a month to recover their data, compared with 19% in 2022.

The Biden administration has spent the past few months warning about Chinese infiltrations of sensitive civilian and military critical infrastructure. Security officials have indicated that the “Volt Typhoon” hackers may be trying to disrupt critical infrastructure serving civilians in an effort to shift public opinion amid rising tensions over Taiwan.

Experts warn that cyberattacks on IT infrastructure — such as bill payment systems — can impact operations and services. This means that even if an attack only affects a company’s IT, it could impact critical services such as power generation and transmission.

“A majority of legacy technologies are configured to enable remote management without modern security controls like encryption and multi-factor authentication,” said Chester Wisniewski, global director of field technology at Sophos, in a press release. “Like hospitals and schools, these utilities often operate with minimal staff and without the IT staff required to keep up with patching, the latest vulnerabilities, and the monitoring required for early detection and response.”

According to the Sophos report, nearly half of successful attacks occurred due to an unpatched vulnerability, while just over a quarter were caused by compromised credentials. The researchers also noted that the energy, oil and gas, and utilities sectors are the “most vulnerable to exploitation of unpatched vulnerabilities.”

Additionally, the same group is more willing to pay a ransom to recover encrypted data than to use backups.

“For the first time, organizations in the energy, oil and gas, and utilities industries reported a greater willingness to pay ransom than to rely on backups,” the report noted.

While the study highlights that ransomware continues to be one of the most disruptive threats to critical infrastructure operations, a general lack of understanding of the broader threat landscape due to lax reporting regulations means the true cost of ransomware could be much higher. The Cybersecurity and Infrastructure Security Agency is moving through a rulemaking process that would require many critical infrastructure organizations to report significant cyber incidents, with final regulations expected early next year.

Written by Christian Vasquez

Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO, covering cybersecurity in the energy sector. Contact us: christian.vasquez at cyberscoop dot com