TechNews
Data Encryption from Ransomware Reaches Highest Level in Four Years, Sophos’ Annual State of Ransomware Report Finds
Report by SANDRA ANI


- Paying the Ransom Doubles Recovery Costs
- Rate of Ransomware Attacks Remains Steady, with 66% of Organizations Surveyed Reporting They Were a Victim of Ransomware
Sophos, a global leader in innovating and delivering cybersecurity as a service, today released its annual “State of Ransomware 2023 ” report, which found that in 76% of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data. This is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020.
The survey also shows that when organizations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organizations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.
Overall, 66% of the organizations surveyed were attacked by ransomware—the same percentage as the previous year. This suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks.
“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.


When analyzing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 36% of cases), followed by compromised credentials (involved in 29% of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.
Additional key findings from the report include:
- In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace
- The education sector reported the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomware
- Overall, 46% of organizations surveyed that had their data encrypted paid the ransom. However, larger organizations were far more likely to pay. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments
“With two thirds of organizations reporting that they have been victimized by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the third who stay safe and the two thirds who do not. Organizations must be on alert 24×7 to mount an effective defense these days,” said Wisniewski.


Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
- 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.


“We want Anambra to be known as a destination for innovation, the next Startup State, home for digital Talents, the home of the smart digital tribe”
Ms Chinwe Okoli, the Special Adviser to the Governor of Anambra State on Innovation and Business Incubation addressed the global innovation ecosystem leaders at the 40th IASP World Conference on Science Parks and Areas of Innovation took place at the European Convention Centre, Luxembourg.


The conference with the theme, “𝐌𝐞𝐠𝐚𝐭𝐫𝐞𝐧𝐝𝐬 𝐢𝐧 𝐈𝐧𝐧𝐨𝐯𝐚𝐭𝐢𝐨𝐧 𝐄𝐜𝐨𝐬𝐲𝐬𝐭𝐞𝐦𝐬: 𝐖𝐡𝐚𝐭 𝐚𝐫𝐞 𝐭𝐡𝐞 𝐢𝐦𝐩𝐚𝐜𝐭𝐬 𝐟𝐨𝐫 𝐒𝐓𝐏𝐬 & 𝐀𝐎𝐈𝐬?” was an exceptional gathering of global innovation stakeholders from over 55 countries. The three-day conference presented an opportunity for the best innovation districts, science parks and areas of innovation in the world to connect and exchange best practices.
Solution Innovation District, Anambra State was prominent in the conference as Ms Okoli addressed the conference on the topic: “𝐇𝐚𝐫𝐧𝐞𝐬𝐬𝐢𝐧𝐠 𝐭𝐡𝐞 𝐔𝐧𝐭𝐚𝐩𝐩𝐞𝐝 𝐏𝐨𝐭𝐞𝐧𝐭𝐢𝐚𝐥 𝐨𝐟 𝐀𝐧𝐚𝐦𝐛𝐫𝐚 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐓𝐫𝐢𝐛𝐞: 𝐀 𝐂𝐚𝐬𝐞 𝐟𝐨𝐫 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐢𝐧𝐠 𝐂𝐨𝐮𝐧𝐭𝐫𝐢𝐞𝐬.”
She shared the transformative power of the Anambra State Government’s innovation program and highlighted the aspirations of Professor Charles Chukwuma Soludo, the Governor, and efforts in nurturing a robust innovation ecosystem in the State to unlock new opportunities and drive technological progress towards making Anambra the digital and creative capital of Nigeria.
Solution Innovation District (SID) is driven by the Anambra State Government, dedicated to fostering the growth of technology, innovation and entrepreneurship ecosystem.
Ms Okoli restated the commitment of the administration of Governor Soludo towards building the one -of -a kind district in Anambra State, stated the key and ambitious goals of grooming one million Anambra Digital Tribe, startups and digital entrepreneurs and in the end, she called for global partnership.
“Our Mantra in Anambra State is Everything Technology and Technology Everywhere
“At SID, we are activating and developing a dynamic and inclusive ecosystem of the future, Our focus is that in a very short time, Anambra becomes the go-to place for the supply of skills/talents on deep technology -Artificial Intelligence, cybersecurity, robotics, blockchain, Data science, Software Engineering, IoT, Cloud Computing etc.
“Let’s impact the world from the light of the nation, in the biggest country in Africa, let’s do digital magic with the Anambra Digital Tribe”.


IASP, the International Association of Science Parks and Areas of Innovation, is the leading association of innovation ecosystems worldwide.
This organization actively unites and empowers a network of managers overseeing areas of innovation, science parks, research parks, innovation districts, knowledge cities, and various other innovation spaces. It’s the driving force behind the exchange of cutting-edge knowledge and best practices, propelling innovation on a global scale.
TechNews
Sophos Launches Wi-Fi 6 Access Points
Sophos supports shift to hybrid environments with new generation of remotely managed, reports SANDRA ANI


Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced the Sophos AP6 Series to support the shift to hybrid environments with a new generation of remotely managed Wi-Fi 6 access points.
The new offering adds another component to Sophos’ secure access portfolio, which includes Sophos Firewall and Sophos Switch.
“With cloud-managed Wi-Fi, Sophos is addressing the need for more scalable, remote-managed Wi-Fi solutions that support the increasing number of connected devices and the proliferation of IoT systems,” said Daniel Cole, vice president of product management at Sophos. “This combination of our Sophos AP6 Series and Sophos Switches provides channel partners with a consolidated single vendor access solution strategy, easing the burden and overhead cost of managing multiple disparate systems from different vendors. Many access layer networks are still operating at 1 Gigabit speeds. With the significant performance enhancements in Wi-Fi 6, the industry has a great opportunity to review and modernize the network ecosystem that wireless is deployed into. Sophos’ solution dissolves a common bottleneck at the physical layer and can boost the total network performance of a company’s Wi-Fi infrastructure.”
Sophos AP6 models – including 420E, AP6 840, AP6 840E and the outdoor AP6 420X – have at least one built-in 2.5 Gigabit interface for faster LAN connectivity.
When combined with the Sophos multi-Gigabit switches, which also support 2.5 Gigabit Ethernet, companies can unlock faster speeds across the entire network. With the AP6 420E and 840E devices, which support Wi-Fi 6E, companies can additionally use the 6 GHz band, which is a newer, less congested space, offering high performance for the latest devices.
Sophos access points can be remotely managed in the cloud-based Sophos Central platform alongside a broader range of solutions than any other vendor.
This enables partners to oversee all customer installations, respond to alerts, and track licenses and upcoming renewal dates via a single, intuitive interface. Additionally, there is an on-premises interface administrators can take advantage of for on-AP settings.
Availability
The Sophos AP6 Series is available for immediate purchase exclusively through Sophos’ global channel of partners and managed service providers (MSPs).
TechNews
Sophos Launches Incident Response Retainer


- Sophos Retainer Cuts Red-Tape, Allowing Sophos Incident Responders to Quickly Investigate and Remediate Active Attacks
- Shorter Attacker Dwell Times Require Faster Response, as Indicated in Sophos’ New Active Adversary Report for Tech Leaders
Sophos, a global leader in innovating and delivering cybersecurity as a service, has announced its new Sophos Incident Response Retainer, which provides organizations with speedy access to Sophos’ industry-first fixed-cost incident response service that includes 45 days of 24/7 Managed Detection and Response (MDR).
The retainer cuts red tape, allowing Sophos incident responders to quickly jump into active cyberattacks to investigate and remediate them. External vulnerability scanning and critical preparedness guidance are also included in the retainer, enabling organizations to proactively improve their existing security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place.
At a time when attacker dwell time is steadily shortening, as revealed in a new 2023 Active Adversary Report for Tech Leaders that Sophos published today, time to locate and evict adversaries is critical in limiting damage and completely stopping nefarious endgames, such as data breaches and ransomware. The report indicates that median adversary dwell time continued to plummet, from 10 days in 2022 to eight days in the first half of 2023; for ransomware alone, the time between initial access and impact dropped from nine days to just five. Adversaries also preferentially carried out attacks during targets’ night and weekend hours, with only 9.6% of ransomware incidents taking place during the targets’ daytime business hours.
The single most common attack times were Fridays between 11 p.m. and midnight in the targets’ local time zones.
“Incident response retainers help organizations prepare in advance for the fastest response time possible to defend against active cyberattacks. Due to today’s complex and mixed-vendor computing environments, skills shortages, evolving attacker behaviors, and cyber insurance requirements, it’s critical that all organizations have pre-determined incident response plans in place.
Tangible ‘readiness’ is now a key component for cyber resilience,” said Rob Harrison, vice president, product management at Sophos. “Adversaries will often abuse the same weakness in a single system, and it’s not unusual for multiple, different attackers to go after the same target if there’s potential exposure. Sophos’ goal is to immediately stop active attacks and make sure complete remediation is achieved, regardless of how many hours it takes. We are the only security vendor that offers this caliber of retainer services for urgent security incidents.”
“Sixty-five percent of organizations suffered a significant breach event in the last 12 months despite considerable investments in cybersecurity tools, according to IDC ransomware research,” said Chris Kissel, research vice president, security and trust products, IDC. “Dealing with unexpected cyberattacks is time sensitive, stressful and a large financial commitment. The only way to save time, reduce costs and mitigate the impact of a breach is to have an experienced incident response team in place and lined-up ready to go – before attackers strike.”
The Sophos Incident Response Retainer is available in three tiers through Sophos partners worldwide. With Sophos’ unique ability to threat hunt, respond to and remediate attacks within multi-vendor environments, the retainer is available to non-Sophos customers, in addition to customers already using Sophos’ robust portfolio of innovative endpoint, network, email, and other security products, or Sophos MDR Essentials. Endpoint configuration health checks and device audits are also included in the retainer for existing Sophos customers. Organizations that prefer broader services in one package can purchase Sophos MDR Complete, which automatically includes full-scale incident response.
“The Sophos incident response retainer is the perfect tool for partners to help customers take a proactive approach to improving their cyber defenses, and it will enable us to more quickly respond and take necessary immediate action in a worst-case attack scenario when every minute counts,” said Jonny Scott, vendor alliance manager at Phoenix Software. “Sophos Incident Response’s fixed-cost pricing is genius, especially considering how every attack scenario is different and how quickly costs can rack up. The sheer breadth of resources included with the retainer – from scanning for vulnerabilities to patch and prevent breaches, to having a team of experts on standby 24/7 ready to battle head-to-head with adversaries – make it an absolute must have.”
-
Politics3 days ago
PHOTOS: Adeyemo, First Black US Deputy Treasury Secretary, Visits Nigeria To Strengthen Economy Ties
-
News5 days ago
Actor/Pastor Jimmy Odukoya To Become New Senior Pastor Of Fountain Of Life Church After His Dad
-
News4 days ago
Femi Falana Demands Coroner’s Inquest Into Mohbad’s Death
-
Health3 days ago
LUTH Doctor Slumps And Dies After 72hrs Call In The Neurosurgery Unit
-
Finance13 hours ago
CBN confirms Emefiele’s Resignation As Cardoso Assumes Office
-
Entertainment20 hours ago
“Young People Need To Chill “ – Rapper Phyno
-
News5 days ago
Three Suspects Arrested For Allegedly Killing And Harvesting Organs Of A Bike Man In Port Harcourt
-
Entertainment2 days ago
Late Singer, MohBad’s Body Exhumed For Autopsy; CP Asks Naira Marley And Sam Larry To Come In For Questioning Or Be Declared Wanted