Earlier this year, Veeam published the results of the largest independent research project in the data protection industry, from 3,393 unbiased organizations across 28 countries: The 2022 Data Protection Trends Report. A few of the key findings in that research revealed:
- Only 24% were not attacked by ransomware — or they were unaware of an attack
- 16% were attacked once in 2021
- 60% were attacked 2+ in 2021
Of those attacked, 47% of data was successfully encrypted, and of the encrypted data, only 64% was recoverable. Read that again: Simple math shows the average victim loses 17% of their data per attack.
In many ways, the annual DPR project helps Veeam understand where the industry is moving, what customers are looking for next, and ultimately, where Veeam should focus its innovations. But, as with most research projects, good data brings great questions; and that means “more research” — in this case, a complete project on the causes, impacts, remediations, and learnings from ransomware attacks. To accomplish this, Veeam again contracted with an independent research firm to survey 1,000 organizations that had been attacked by ransomware in 2021. To learn even more, they surveyed four different personas that each have unique responsibilities and perspectives regarding ransomware prevention and remediation:
- 400 security professionals: Operators of cybersecurity detection or prevention technologies
- 200 CISOs or other equivalent IT executives: Responsible for cybersecurity preparedness
- 200 IT operations: Primarily focused on production IT system delivery
- 200 backup administrators: Operators of backup and recovery mechanisms
Let’s dive further into some of the report’s findings.
Ransomware entry points and destinations
Similar to other attacks, ransomware breaches company defenses and focuses its attack on a certain point. The most common entry point for ransomware (according to 44% of survey respondents) was people clicking malicious links, visiting insecure websites and engaging with phishing emails.
After the breach, 80% of ransomware attacks sought mainstream systems with known vulnerabilities. The most common encryptions occurred at remote office platforms (49%), data center servers (48%) and cloud-hosted server instances (46%).
Once data is at the mercy of hackers, a company can usually restore its environment with a backup. This fallback, however, is being challenged by hackers also looking to destroy their victim’s data backup repositories:
- 38% had some repositories impacted
- 30% had all their repositories impacted
Not only are hackers holding data ransom through encryption, but also blocking the victim’s ability to restore data from backups. This increases the likelihood the victim will pay the ransom. Speaking of, here are our findings on payments and recovery:
- 52% paid the ransom and recovered their data
- 24% paid the ransom and still couldn’t recover their data
- 19% did not pay the ransom and were able to recover their data
To prevent attackers from having the upper hand when they impact backups, many organizations are using immutable or air-gabbed backup repositories, backups that can’t be altered, to ensure recovery is possible. Most (74%) use cloud repositories that offer immutability, 67% use on-premises disk repositories with immutability or locking, and 22% use tape that is air-gapped.
Ransomware continues to be a major threat, affecting all types of organizations. And by sharing these statistics, we hope people will see the prevalent threat and how essential it is to have a reliable protection and backup plan in place.
There’s still more information to dive into. If you’re interested in reading the full 2022 Ransomware Trends Report, you can download it here.