Ransomware costs for energy, water sectors soar to US$3 million

iStock Photo

By Francis Allan L. Angelo

The median recovery cost for ransomware attacks targeting the energy and water sectors has quadrupled to US$3 million over the past year, significantly surpassing the global cross-sector median, according to a recent survey by cybersecurity firm Sophos.

The findings underscore the increasing financial burden on critical infrastructure as cybercriminals intensify their efforts against these vulnerable sectors.

The 2024 report, titled “The State of Ransomware in Critical Infrastructure,” highlights that 49% of ransomware attacks against energy and water organizations originated from exploited vulnerabilities.

The alarming statistic comes as these sectors, defined by the Cybersecurity and Infrastructure Security Agency (CISA) as part of the nation’s critical infrastructure, continue to face heightened threats.

Sophos gathered data from 275 respondents in energy, oil and gas, and utilities organizations across 14 countries and 15 industry sectors.

These insights form part of a larger survey involving 5,000 cybersecurity and IT leaders, conducted between January and February 2024.

“Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly. This makes utilities prime targets for ransomware attacks,” said Chester Wisniewski, Global Field CTO at Sophos.

“Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption.”

Adding to the financial strain, the median ransom payment for organizations in these sectors jumped to more than $2.5 million in 2024—$500,000 higher than the global cross-sector median.

The energy and water sectors reported the second-highest rate of ransomware attacks, with 67% of organizations in these sectors being hit, compared to the global average of 59%.

The report also revealed that the recovery time for affected organizations is increasing. Only 20% of those hit by ransomware were able to recover within a week or less in 2024, a sharp decline from 41% in 2023 and 50% in 2022.

Furthermore, 55% of organizations took more than a month to recover, highlighting the growing complexity of these attacks.

“These utilities must recognize they are being targeted and take proactive action to monitor their exposure of remote access and network devices for vulnerabilities and ensure they have 24/7 monitoring and response capabilities to minimize outages and shorten recovery times,” Wisniewski emphasized.

Sophos’ findings also pointed out that these sectors reported the highest rate of backup compromise at 79%, and the third-highest rate of successful encryption at 80% compared to other industries surveyed.

“This once again shows that paying ransom payments almost always works against our best interests. An increasing number (61%) paid the ransom as part of their recovery, yet the amount of time it took to recover was extended,” Wisniewski noted.

“Not only do these high rates and amounts of ransoms encourage more attacks on the sector, but they are not achieving the claimed goal of shorter recovery times.”

As ransomware attacks continue to plague critical infrastructure, Sophos urges organizations in these sectors to adopt robust cybersecurity measures, including regular patching, comprehensive monitoring, and rehearsed incident response plans, to mitigate the impact of such threats.