Ransomware trends for the rest of the year, according to Veeam

Latin America. The consulting firm Veeam presented the results of its most recent Ransomware Trends Report, edition for Latin America.

According to the Data Protection Trends 2024 report, based on interviews with IT managers and implementers from 10 countries around the world:

• Only 25% of organizations believe they were not attacked by ransomware in 2023.
• 49% say they have been attacked between one and three times that year.
• 26% of organizations stated that they were attacked four or more times.

Due to the high attack rates shown in this unbiased report each year, Veeam commissioned the Ransomware Trends report to better understand attacks, recoveries and lessons learned.

The 'Ransomware Trends 2024' report is the third annual publication of an unbiased study conducted by a team of independent analysts that surveyed anonymous but selected organizations that, in the last 12 months, suffered at least one successful cyberattack. Ransomware continues to be a growing concern for everyone within the IT industry. Gartner forecasts a planned 3.5% increase in overall IT budgets globally by 2024. In this survey, LATAM respondents expect budget increases of 6.2% for cyber prevention and detection technologies, and 5.9% for recovery technologies such as backup and business continuity/recovery
(BCDR).

Organizations are not coordinated
For the third year in a row, more than half of organizations (69% in LATAM) believe that a "significant improvement" or a "complete overhaul" is necessary for organizations to coordinate their backup and cybersecurity teams.

According to respondents, the two teams that receive notifications most frequently to launch remediation efforts are the executives responsible for prevention and remediation and the IT backups team. This is immediately followed by cybersecurity experts and the organization's overall risk management team.

89% of organizations surveyed stated that they also turned to third parties during the recovery process, with these four types of experts being the most hired:

• Security software vendors.
• Backup software providers.
• Forensic security specialists.
• Resellers, partners, or service providers.

Two of the most shocking statistics from the 1200 global lessons in 2023 are:

• 37% of production data was successfully encrypted by malicious people in last year's attacks.
• 53% of affected data was able to be recovered after being encrypted in a ransomware attack.

Two key questions asked each year in this survey are:

• Did you pay the ransom?
• Were you able to recover the data?

In 2023 within LATAM:

• They paid and were able to recover their data after the attack: 50%.
• They paid but were unable to recover data lost in the attack: 26%.
• Recovered without paying the ransom demanded: 16%.

The overall results were similar:

• 54% paid and were able to recover their data after the attack.
• 27% paid but were unable to recover data lost in the attack.
• 15% recovered the data without paying the demanded ransom.
• With the remaining 4%, no ransom was requested.

These statistics are significant, not least because they show that about one in four of the organizations that paid the ransom were unable to recover their data even after paying.

Beyond the rescue
73% of organizations believe they are protected by insurance, although 21% of those insurance policies specifically exclude ransomware. However, the costs of prevention, detection, recovery services, and the ransom itself are far from the only economic factors that can affect your organization in the event of a ransomware attack. In fact, of all the responses to this year's survey, only 1 in 9 organizations (11%) stated that paying a ransom generated the largest part of the overall financial impact for their organization. For the rest of the cyber victims, the overall economic impact was substantially greater than "just" the ransom itself.

In terms of companies' internal policies in 2023, only a small number of organizations (14%) did not have a policy on whether or not to pay a ransom. While most organizations had a policy, opinions were almost equally divided toward paying (49%) and not paying (38%).

Regardless of whether they had a policy or not, it should come as no surprise to anyone that while only a minority of organizations had a pay-as-you-go policy, 76% ended up paying. That said, 66% paid with insurance and another 17% had insurance but chose to pay without claiming it. This means that in 2023, 83% of organizations had insurance that they could have used for a cyber event.

No recovery plan
In 95% of organizations (who had a team with a plan), the two most prevalent aspects of their incident response playbook were ensuring clean, recoverable data. This explains why 28% of LATAM organizations have alternative infrastructure in their plans, which means, unfortunately, that the other 72% do not have a plan for where they will recover after a location-level crisis.

2024: Immutability is still not enough
In 2024, it's not unreasonable for organizations to adopt immutable storage within their local disks, complemented by immutable cloud repositories and isolated tapes. Unfortunately, even of those who have experienced at least one cyberattack in the past, only 76% use hardened disks on-premises and only 80% use clouds with immutability. Thus, only 49% of the organization's total backup storage is immutable.

That said, it's encouraging that organizations are adopting the industry-standard 3-2-1 rule of having multiple media types, regardless of whether or not those media types can be immutable. By 2024, in addition to on-premises disk repositories, 45% of production data is retained on at least one tape, while 52% is also replicated to a cloud.