According to Sophos research, more than 56% of businesses were attacked by this malware and 70% had their data encrypted, demanding ransom payments that increased 5 times compared to 2023.
Ransomware Targets Businesses
The State of Ransomware 2024 special report on the current state of data encryption and extortion malware (Ransomware) from Sophos shows that 2024 continues to be a 'disastrous' year for businesses facing relentless Ransomware attacks.
Sophos said that cyber attacks targeting organizations and small and medium enterprises (SMEs) continue to increase. In particular, Ransomware is considered a huge threat to businesses regardless of size. They are still happening silently and more and more seriously with ransom amounts reaching tens of millions of USD, or equivalent damage due to operational disruption. In addition, targeted attacks (APT - Advanced Persistent Threat) are always the main threats to all organizations and businesses.
Ransomware is a term used to describe a type of malware that encrypts a victim's data, holds it hostage, and then demands ransom from the victim, a business, in cryptocurrency like Bitcoin, to 'rescue' the data.
According to Sophos, more than half of medium and large businesses from 14 countries shared that they were attacked by Ransomware in 2024. Of which, the vulnerabilities that Ransomware exploits most strongly include software or system security vulnerabilities (32%), attacks on weaknesses (29%), malicious emails (23%) and targeted fraud (11%)... On average, 35% of businesses take a week to restore suspended operations after a Ransomware attack, 34% take a month.
Chart comparing the rate of Ransomware attacks on industrial - commercial sectors, management organizations - government agencies. The rate targeting medical organizations and hospitals is still the highest, accounting for 68%.
Lack of unified solution
According to Sophos, the reason why corporate systems are being penetrated is because of the overlap of software, especially in the booming period of AI (artificial intelligence).
The development of new technology applied to the operations of every organization and business increases the cyber attack surface. Too many security vulnerabilities from applications and operating systems are announced regularly, while IT management personnel have not kept up, creating conditions for cyber criminals to carry out attacks.
Many security holes come from applications and operating systems.
Sophos representative said that due to the complexity of information technology systems, most organizations and businesses are facing many problems with information security and safety. The three main problems include: there are many 'blind spots' when deploying security solutions; Lack of monitoring tools to help administrators correlate the entire system; Lack of highly specialized human resources to operate and handle information security incidents.
Sophos believes that small and medium-sized businesses without a professional team can use professional solutions to overcome these weaknesses.
Sophos offers Sophos EDR and XDR (Rapid Detection and Response) solutions with key benefits: Early detection of 'hidden', unnoticed attacks; Reliable reports on the security situation at any time; Quick response and optimal incident handling; Operators have a better understanding of what attack has occurred and how to prevent it. As a result, businesses have an additional security expert to support 24/7.
According to experts from Sophos, a strong workstation protection solution EPP (Endpoint Protection Platform) is not enough to prevent increasingly sophisticated malware attacks. Therefore, advanced technologies are applied to help EPP detect and respond to such incidents effectively, that is EDR (Endpoint Detection & Response). XDR is an extension of EDR.
Sophos XDR can help detect and respond to any incident from Workstations, Servers, Firewalls, Mobile Devices, Cloud…
Three features that give Sophos EDR and XDR an edge include:
Live Discovery: allows administrators to search and query all information about the status, malware, attacks, etc. of the entire system with historical data stored in the Data Lake. Supports IT in proactively hunting for malware (Threat Hunting) based on attack signs (IoA - Indicators of Attack) and intrusion signs (IoC - Indicators of Compromise).
Live Response: guides administrators to respond to incidents effectively, including actions such as: Isolation, Quarantine, Scan, Sampling or in-depth analysis of malicious objects (get file, create threat cases), ... Administrators will have remote access to the terminal on the administration interface for quick handling.
Threat Intelligence: Provides a hierarchical connection map of the origin of events and incidents when they occur (Root Cause Analysis). Integrates advanced technologies such as AI, ML/DL (Machine Learning), Cloud Sandboxing, ... to analyze suspicious files and provide detailed reports on those objects.
Source
Comment (0)