INTRODUCTION – CEO Insight
Ransomware continues to dominate the threat landscape in 2022. Organizations are under siege from a wide variety of threats, but ransomware offers threat actors a unique combination of very low risk with very high reward—which is why the volume of ransomware attacks nearly doubled from the previous year, and the total cost of ransomware was estimated to exceed $20 billion.
Ransomware began as little more than a new type of malware exploit with a different payload—generating revenue by extorting payment from victims—but it has evolved into a complex business model. The malware is just one element of the much larger ransomware operation—or RansomOp—that makes today’s attacks far more sophisticated and insidious.
Cybercrime gangs like Darkside, the group behind the Colonial Pipeline attack, REvil, the group behind the JBS attack, and the Conti ransomware group, whose attacks on multiple government bodies led President Rodrigo Chaves of Costa Rica to declare a national emergency, have developed ransomware-as-a-service models that mirror legitimate businesses, complete with customer service, human resources, and a network of suppliers and partners.
Ransomware is also more sinister because of the increasingly blurred lines between cybercrime gangs and nation-state adversaries who influence the objectives of ransomware attacks while also making it more difficult to bring the threat actors to justice.
I often refer to these groups as “state-ignored,” where nation-state adversaries look the other way as long as the ransomware targets align with their strategic goals, or “state-controlled,” where the threat actors are executing attacks on behalf of and at the direction of the nation-state. The US Cybersecurity and Infrastructure Security Agency (CISA) reported that 14 out of 16 critical infrastructure sectors have been targeted by ransomware attacks.
Organizations that are hit by a ransomware attack face a no-win situation. The only options are to either ignore the ransom demand, rebuild and restore compromised systems from backups, and pray that the threat actor doesn’t leak or sell your organization’s sensitive data, or pay the ransom to obtain the decryption key from the attackers.
While paying the ransom may seem like the easier choice, our research this year proves once again that it does not pay to pay. Organizations that paid a ransom were frequently unable to recover all of their data, and many were hit by additional ransomware attacks—often by the same threat actors.
Given the ongoing threat that these attacks pose to organizations, this second annual Ransomware: The True Cost to Business study examines how ransomware continues to impact the business, the outcomes organizations are reporting after having been the target of a ransomware attack, and the strategies companies large and small are implementing to better prepare for an attack.
Our mission is to enable Defenders to reverse the adversary advantage. To advance that goal and enable organizations to make better decisions about their security posture, we need concrete insights into the business impact of these attacks. This report reveals the true cost and impact of ransomware, and it underscores that organizations need to Defend Forward with more proactive approaches to cybersecurity.
The best defense against ransomware attacks is to ensure your data is not stolen or encrypted in the first place through effective prevention, detection and response. It is my hope that your organizations will find this report insightful and that it will serve to inform your organization’s strategies to remain undefeated by ransomware.