The State of Ransomware Attacks in 2022

Cyber attacks represent an increasingly impactful threat for business owners active in virtually every global industry. Between 2015 and 2021, the annual cost of cyber attacks doubled on the international stage, from $3 trillion to $6 trillion. Ransomware cyber attacks, specifically, leaped by 105 percent in 2021. The first four months of 2022 brought several notable ransomware attacks.

Bernalillo County, New Mexico’s most populous county, experienced a data breach on January 5, 2022, that the local government deemed a ransomware issue. While information has been scant, the attack resulted in numerous government buildings being shut down. A prison in the county experienced disruptions to its security feeds, and at one point, inmates were locked into rooms due to the failure of the prison’s automated door system. The county eventually received $2 million in recovery funds.

Internationally recognized sports manufacturer Puma suffered a data breach just five days after Bernalillo County. The manufacturer’s workforce management solutions provider, Kronos, initially reported a ransomware attack in late December 2021, but the company could not determine the extent of the attack for some time. It was ultimately revealed that a former employee made off with sensitive data on more than 6,600 Puma employees, including social security information.

The company did not regain control of the data for nearly one month. In response, Puma provided employees with two years of Experian Identity Works services that provide credit monitoring and identity theft insurance.

The prevalence of ransomware attacks in 2021 can be attributed, in part, to the COVID-19 pandemic. As organizations embrace remote employees and other instances of digital transformation, a company’s digital supply chain is at greater risk.

That said, ransomware attacks have been on the rise long before COVID. Financial damages resulting from ransomware attacks increased from $325 million in 2015 to $5 billion two years later, a rate of increase of 1,500 percent. By 2020, this figure had ballooned to $20 billion, nearly 60 times the amount ransomware cost five years prior.

In 2022, ransomware attacks occur once every 11 seconds. The average cost of a ransomware attack fell slightly from $1.85 million in 2020 to $1.4 million in 2021, with the average price of a paid ransom sitting at approximately $170,404. However, the cost of recovering from a ransomware attack continues to climb, approaching $2 million, according to global cybersecurity leader Sophos. In fact, ransomware recovery costs more than doubled between 2020 and 2021.

Sophos also reported that only 8 percent of businesses can expect to receive all of their compromised data after meeting demands. An additional 29 percent receive half their data at best. Perhaps most troubling is that more than half of the companies involved in the study reported that cyber attackers are too skilled and using technology that is too advanced for their in-house information technology (IT) teams to counter.

Studies suggest that more than nine in 10 cyber attacks start with a phishing e-mail. This fact underscores the importance of cyber security education for all employees, particularly regarding e-mail vigilance, questionable e-mail links and attachments, and similar cyber security subjects.