Cybersecurity company Sophos has released its State of Ransomware in Critical Infrastructure 2024 report this week. It reveals that the median recovery costs for two critical infrastructure sectors, energy and water, quadrupled to USD3 million over the past year – four times higher than the global cross-sector median. The report also revealed that 49% of ransomware attacks against these two critical infrastructure sectors started with an exploited vulnerability.
On top of growing recovery costs, the median ransom payment for organisations in these two sectors jumped to more than USD2.5 million in 2024 – USD500,0000 higher than the global cross-sector median. The energy and water sectors also reported the second highest rate of ransomware attacks. Overall, 67% of the organisations in these sectors reported being hit by ransomware in 2024, compared to the global, cross-sector average of 59%. Other findings from the report include:
- The energy and water sectors reported increasingly longer recovery times. Only 20% of organisations hit by ransomware could recover within a week or less in 2024, compared to 41% in 2023 and 50% in 2022. 55% took over a month to recover, up from 36% in 2023. In comparison, across all sectors, only 35% of companies took more than a month to recover.
- These two critical infrastructure sectors reported the highest rate of backup compromise (79%) and the third highest rate of successful encryption (80%) when compared to the other industries surveyed.
Data for the report come from 275 respondents at energy, oil and gas, and utilities organisations. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.
“Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly,” said Sophos Global Field CTO Chester Wisniewski. “This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption.”
“Unfortunately, public utilities are not only attractive targets but vulnerable to attacks on many fronts, including the requirement for high availability and safety, as well as an engineering mindset focused on physical security. There’s a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication. Like hospitals and schools, these utilities frequently operate with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities, and the monitoring required for early detection and response.”
“This once again shows that paying ransom payments almost always works against our best interests,” added Wisniewski. “An increasing number (61%) paid the ransom as part of their recovery, yet the amount of time it took to recover was extended. Not only do these high rates and amounts of ransoms encourage more attacks on the sector, but they are not achieving the claimed goal of shorter recovery times.”
“These utilities must recognise they are being targeted and take proactive action to monitor their exposure of remote access and network devices for vulnerabilities and ensure they have 24/7 monitoring and response capabilities to minimise outages and shorten recovery times. Incident response plans should be planned in advance, the same as for fires, floods, hurricanes and earthquakes, and be rehearsed on a regular schedule.”
You can read the full report here.