
Data recovery costs after ransomware attack in energy and water sector reach $3 million

The median data recovery cost in two critical infrastructure sectors, energy and water, quadrupled to $3 million over the past year, according to a new report from Sophos.

That is four times the global cross-sector median. Additionally, 49% of ransomware attacks on these two key infrastructure sectors began with the exploitation of a security vulnerability.

“Criminals are converging where they can cause the most pain and disruption, so the public will demand quick solutions and hope they will pay a ransom to restore services faster. This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society requires them to recover data quickly and with minimal disruption,” said Chester Wisniewski, Global Field CTO at Sophos.

“Unfortunately, utilities are not only attractive targets, but also vulnerable on multiple fronts, including high availability and security requirements, as well as an engineering mindset focused on physical security. Legacy technologies configured to enable remote management without modern security controls such as encryption and multi-factor authentication prevail. Like hospitals and schools, these utilities often operate with minimal staff and without the IT staff required to maintain the mountain of patching for the latest security vulnerabilities and the monitoring required for early detection and response.”

In addition to the rising cost of data recovery, the median ransom paid by organizations in these two sectors rose to over $2.5 million in 2024, which is $500,000 more than the global cross-sector median. The energy and water sectors also reported the second-highest rate of ransomware attacks: overall, 67% of organizations in these sectors reported being hit by ransomware in 2024, compared to the global cross-sector average of 59%.

The report also noted that recovery times in the energy and water sectors are getting longer. Only 20% of organizations affected by ransomware were able to recover data in a week or less in 2024, compared to 41% in 2023 and 50% in 2022. Fifty-five percent took more than a month to recover data, compared to 36% in 2023. By comparison, across all sectors, only 35% of companies took more than a month to recover data.

These two critical infrastructure sectors had the highest rate of backup compromise (79%) and the third-highest encryption success rate (80%) compared to the other industries surveyed.

“This shows once again that paying a ransom is almost always against our best interests. An increasing number (61%) have paid a ransom as part of a recovery, yet the time it takes to recover data has increased. These high rates and ransom amounts not only encourage more attacks on the sector, but also fail to achieve the stated goal of shorter recovery times,” Wisniewski said.

“These utilities need to recognize that they are being targeted and take proactive steps to monitor their operations, avoid exposing remote access and network devices to security vulnerabilities, and ensure they have 24/7 monitoring and response capabilities to minimize disruptions and speed recovery times. Incident response plans should be planned in advance, as they are for fires, floods, hurricanes and earthquakes, and should be reviewed regularly.”

The Sophos report “The State of Ransomware in Critical Infrastructure in 2024” draws on data from 275 respondents at energy, oil and gas, and utilities organizations that make up the Energy and Water sectors among CISA’s 16 defined critical infrastructure sectors. The results of this sector report are part of a broader vendor-neutral survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.
