A striking number of mid-sized companies in the UAE have been hit by ransomware attacks and are paying the attackers, despite inherent risks in doing so, new research from IT security firm Sophos has found.
The proportion of victims paying ransoms globally continues to increase, even when they may have other options available.
Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords, and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”
Data shows that 59 percent of UAE organizations surveyed were hit with ransomware in 2021, up from 38 percent in 2020.
The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific, Central Asia, the Middle East, and Africa.
According to the Emirates News Agency (WAM), ransomware is malicious software that attacks phones and computers in order to encrypt data, rendering it only recoverable after paying a fee.
The impact of a ransomware attack can be immense as the average cost to recover from the most recent ransomware attack in 2021 was $1.26 million.
It took on average one month to recover from the damage and disruption. Around 88 percent of organizations said the attack had impacted their ability to operate, and 83 percent of the victims said they had lost business and/or revenue because of the attack.
The findings suggest that many organizations rely on cyber insurance to help them recover from a ransomware attack. some 85 percent of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 100 percent of incidents, the insurer paid some or all the costs incurred.
In 2017, thousands of organizations around the world were exposed to a series WannaCry ransomware attacks, prompting UAE’s Telecommunications and Digital Government Regulatory Authority to warn users not to open links and files that may come from unknown sources, attempting to trick them into downloading them to hack their devices.