A Sophos sector survey report, The State of Ransomware in Critical Infrastructure 2024, has revealed that the median recovery costs for two critical infrastructure sectors, energy and water, quadrupled to $3 million over the past year.
This is four times higher than the global cross-sector median. In addition, 49% of ransomware attacks against these two critical infrastructure sectors started with an exploited vulnerability.
Data for the State of Ransomware in Critical Infrastructure 2024 report comes from 275 respondents at energy, oil and gas, and utilities organisations.
“Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly,” said Chester Wisniewski, global field CTO.
On top of growing recovery costs, the median ransom payment for organisations in these two sectors jumped to more than $2.5 million in 2024, $500,000 higher than the global cross-sector median.
The energy and water sectors also reported the second highest rate of ransomware attacks. Overall, 67% of the organizations in these sectors reported being hit by ransomware in 2024, in comparison to the global, cross-sector average of 59%.
Other findings from the report include:
- The energy and water sectors reported increasingly longer recovery times. Only 20% of organisations hit by ransomware were able to recover within a week or less in 2024, compared to 41% in 2023 and 50% in 2022. Fifty-five percent took more than a month to recover, up from 36% in 2023. In comparison, across all sectors, only 35% of companies took more than a month to recover.
- These two critical infrastructure sectors reported the highest rate of backup compromise (79%) and the third highest rate of successful encryption (80%) when compared to the other industries surveyed.
“Utilities must recognise they are being targeted and take proactive action to monitor their exposure of remote access and network devices for vulnerabilities and ensure they have 24/7 monitoring and response capabilities to minimise outages and shorten recovery times,” Wisniewski said.