Around 72% of state and local government organisations globally attacked by ransomware had their data encrypted — 7% more than the cross-sector average, a new global study said. Data encryption is a security method where information is encoded and can only be accessed or decrypted by a user with the correct encryption key.
The report published by cybersecurity firm Sophos also said that only 20% of state and local government organisations were able to stop the ransomware attack before data could be encrypted — significantly less than the cross-sector average of 31%, of which 8% had their data held for ransom but not encrypted.
“Traditionally, government organisations haven’t been prime targets for ransomware attackers, since they don’t have as much money as traditional businesses, and criminal groups are reticent to attract attention from law enforcement. However, when these organisations do get hit, they have little in the way of protection because they don’t have the budget for additional, in-depth cybersecurity support, including threat hunting teams or security operations centres,” said Chester Wisniewski, principal research scientist, Sophos.
The cost for government organisations to remediate an attack was three times the average ransom the sector paid, said the study. “If we look at what happened with the city of Atlanta, Georgia, back in 2018, they ultimately ended up paying $17 million to recover from an attack that asked for $50,000 in ransom. This is often the case with local and state government organisations — they spend far more on recovering and catching up with current security practices than they do on the actual ransom demand, should they choose to pay it. While getting the initial buy-in may be hard, in the long term, pre-emptive cybersecurity measures are a far better alternative than bolstering defenses after an attack,” said Wisniewski.
India, like the rest of the world, is also seeing a spike in ransomware attacks on both government and private entities. Around 75% of Indian firms have been hit by a ransomware attack in the last three years, since 2019, according to Japanese cyber security firm Trend Micro, which added that eight out of 10 organisations in India believe that they could be a target for a ransomware attack.
A recent report by the Indian Computer Emergency Response Team (CERT-In) said that it observed a 51% increase in ransomware incidents in the country in the first half of the business year (H1) in 2022, with the IT sector the most affected by these attacks, followed by manufacturing, finance and government.