Ransomware continues to pose a significant threat to businesses worldwide. In particular, the energy, oil/gas, and utilities sectors, which form a critical part of business support infrastructure, have suffered extensive ransomware attacks. The recent annual study provides in-depth insights into how these attacks have progressed, covering their frequency and root causes as well as their operational impact and the resulting business outcomes.

An important revelation from this year’s report pertained to the relationship between ransom demands and payments. It also offered insight on the support provided to these sectors by law enforcement to help avert these cyberattacks.

Stable Attack and Recovery Rates
In 2024, approximately 67% of businesses in the energy, oil/gas, and utilities sectors fell prey to ransomware attacks, unchanged from the previous year. Even companies that had planned for such eventualities by maintaining backups found that those backups were not immune to compromise. Attackers attempted to compromise backups in 98% of the ransomware attacks on the sector in the past year, and 79% of those attempts succeeded, the highest rate of successful backup compromise across all sectors.

Despite the alarming statistics, there was a glimmer of hope. Organizations continued to recover from these attacks. The costs were deemed manageable, averaging roughly $3.12 million per attack in 2024, a nominal decrease from $3.17 million in 2023.

Extent of Damage: Ransomware Attacks
In affected businesses, ransomware attacks hit an average of 62% of computers, significantly higher than the cross-sector average of 49%. In 17% of cases, the ransomware infected over 91% of the affected organization's devices.

Decreasing Dependence on Backups for Data Recovery
In an interesting turn, fewer businesses resorted to restoring encrypted data from backups. 61% paid the ransom to recover encrypted data, while only 51% used their backups. This was the first notable instance of the energy, oil/gas, and utilities sectors showing a higher tendency to resolve ransomware incidents by paying the demanded ransom than by using their backups.

A remarkable shift in the sector was noticed over the last year. Victims increasingly adopted various recovery measures to regain their encrypted data, apart from just paying the ransom.

Ransom Negotiations: A Twist in the Tale
A total of 86 businesses within the energy, oil/gas, and utilities sectors paid ransoms in 2024, with the average payment hovering around $2.5 million. A close look at the data shows the different outcomes and strategies these businesses adopted. While 48% of respondents paid the initially requested amount, 26% successfully negotiated and paid less than the original demand. However, approximately 27% ended up paying more than the initially demanded ransom.

The survey that compiled these findings was an independent study commissioned by Sophos. It involved 5,000 IT and cybersecurity leaders from 14 countries across the Americas, EMEA, and Asia Pacific, including 275 respondents from the energy, oil/gas, and utilities sector. All respondents represented organizations employing between 100 and 5,000 people.

The findings of the report throw light on the urgency of implementing WordPress security measures and ensuring businesses are equipped to fix hacked WordPress websites in the aftermath of an attack. They also highlight the undeniable need for competent services related to WordPress malware removal to ensure safe and efficient website operations.
