Most ransomware-hit enterprises report to authorities, but level of support varies
The majority of organizations hit by a ransomware attack are choosing to report to the relevant authorities, but the level of support they receive back varies depending on where they are.
Globally, 97% of businesses impacted by ransomware attacks in the past year reached out to law enforcement and other government agencies for help, according to new findings extracted from Sophos' State of Ransomware 2024 report. The study drew insights from 2,974 organizations that were hit by ransomware, from a total pool of 5,000 IT and cybersecurity professionals polled for the report. Respondents were from 14 markets including Singapore, India, Australia, Italy, the UK, and the US.
Also: 91% of ransomware victims paid at least one ransom in the past year, survey finds
All organizations hit by ransomware attacks in Switzerland reported to the relevant authorities, while the lowest number at 90% in Australia did likewise.
Worldwide among those that did report, 61% said they received advice on dealing with the attack and 60% got help investigating the attack.
Those in India reported the highest level of support, with 71% getting advice on dealing with the attack and 70% receiving help investigating it. Their peers in Singapore reported the second-highest level of support, at 69%, in gaining advice on dealing with the attack, while 68% in South Africa attained the second-highest level of support in terms of incident investigation.
Those in Germany, at 51%, got the lowest rate of support in such investigation efforts, as did 51% of ransomware victims in Austria that got advice on dealing with the attack.
In addition, among the 40% globally that had their data encrypted in the attack, 58% received help recovering data encrypted in the attack. Here, India again topped the pack, with 71% getting help from the authorities in recovering their encrypted data, followed by 64% in Austria and 62% in Singapore.
Those that received the lowest support of help in recovering their encrypted data were 45% in Switzerland, 49% in France, and 53% in Italy.
In the US, 65% of enterprises reported receiving help to investigate attacks.
Among the 3% that chose not to report their attack, 27% cited concerns that doing so would harm their business -- in the form of fines, charges, or extra work. Another 27% opted against reporting to the authorities because they did not think it would benefit them, while 22% did not think these officials would be interested in knowing about the attack.
"Companies have traditionally shied away from engaging with law enforcement for fear of their attack becoming public. If they are known to have been victimized, it could impact their business reputation and make a bad situation worse," said Chester Wisniewski, Sophos' director and field CTO. "Victim shaming has long been a consequence of an attack, but we've made progress on that front, both within the security community and at the government level."
Also: What is ransomware? Everything you need to know and how to reduce your risk
The addition of new regulations on cyber incident reporting, for example, might have helped normalize engagement with law enforcement, Wisniewski added.
"If the public and the private sectors can continue to galvanize as a group effort to help businesses, we can continue to improve our ability to recover quickly and gather intelligence to protect others or even potentially hold those conducting these attacks responsible," he said.
Some 91% of ransomware victims acknowledged having paid at least one ransom, according to an ExtraHop survey released last month. The average payment was almost $2.5 million, with 41.6% forking out between $500,000 and $1 million and 23.4% paying $100,000 to $500,000.