Announcing the 2022 Ransomware Trends Report

update notice:
The information in this blog post has been updated on November 15, 2022.

Earlier this year, Veeam published the results of the largest independent research project in the data protection industry, from 3,393 unbiased organizations across 28 countries: The 2022 Data Protection Trends Report. A few of the key findings in that research revealed:

  • Only 24% were not attacked by ransomware — or they were unaware of an attack
  • 16% were attacked once in 2021
  • 60% were attacked 2+ in 2021

Of those attacked, 47% of data was successfully encrypted, and of the encrypted data, only 64% was recoverable. Read that again: Simple math shows the average victim loses 17% of their data per attack.

In many ways, the annual DPR project helps Veeam understand where the industry is moving, what customers are looking for next, and ultimately, where Veeam should focus its innovations. But, as with most research projects, good data brings great questions; and that means “more research” — in this case, a complete project on the causes, impacts, remediations, and learnings from ransomware attacks. To accomplish this, Veeam again contracted with an independent research firm to survey 1,000 organizations that had been attacked by ransomware in 2021. To learn even more, they surveyed four different personas that each have unique responsibilities and perspectives regarding ransomware prevention and remediation:

  • 400 security professionals: Operators of cybersecurity detection or prevention technologies
  • 200 CISOs or other equivalent IT executives: Responsible for cybersecurity preparedness
  • 200 IT operations: Primarily focused on production IT system delivery
  • 200 backup administrators: Operators of backup and recovery mechanisms

Let’s dive further into some of the report’s findings.

Ransomware entry points and destinations

Similar to other attacks, ransomware breaches company defenses and focuses its attack on a certain point. The most common entry point for ransomware (according to 44% of survey respondents) was people clicking malicious links, visiting insecure websites and engaging with phishing emails.

After the breach, 80% of ransomware attacks sought mainstream systems with known vulnerabilities. The most common encryptions occurred at remote office platforms (49%), data center servers (48%) and cloud-hosted server instances (46%).

Attack effectiveness

Once data is at the mercy of hackers, a company can usually restore its environment with a backup. This fallback, however, is being challenged by hackers also looking to destroy their victim’s data backup repositories:

  • 38% had some repositories impacted
  • 30% had all their repositories impacted

Not only are hackers holding data ransom through encryption, but also blocking the victim’s ability to restore data from backups. This increases the likelihood the victim will pay the ransom. Speaking of, here are our findings on payments and recovery:

  • 52% paid the ransom and recovered their data
  • 24% paid the ransom and still couldn’t recover their data
  • 19% did not pay the ransom and were able to recover their data

Protecting backups

To prevent attackers from having the upper hand when they impact backups, many organizations are using immutable or air-gabbed backup repositories, backups that can’t be altered, to ensure recovery is possible. Most (74%) use cloud repositories that offer immutability, 67% use on-premises disk repositories with immutability or locking, and 22% use tape that is air-gapped.

Conclusion

Ransomware continues to be a major threat, affecting all types of organizations. And by sharing these statistics, we hope people will see the prevalent threat and how essential it is to have a reliable protection and backup plan in place.

There’s still more information to dive into. If you’re interested in reading the full 2022 Ransomware Trends Report, you can download it here.

Article language
Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.
OK