A new report has revealed 38% of organizations in Nigeria that were attacked by ransomewares admitted to paying the ransom. This was one of the findings contained in The State of Ransomware 2020 global survey report published by Sophos, a global leader in next-generation cybersecurity.
According to the report, 53% of the organizations surveyed in Nigeria witnessed a significant ransomware attack in the last 12 months.
Results of the survey also indicated that Nigerian companies are increasingly becoming more targeted by ransomwares than some other countries in the world. Globally Data was encrypted in nearly three quarters (73%) of attacks that successfully breached an organization, while in Nigeria, it was 74%.
The report also revealed that the average cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than $730,000. This average cost rose to $1.4 million, almost twice as much, when organizations paid the ransom.
Globally, more than one quarter (27%) of organizations hit by ransomware admitted paying the ransom but in Nigeria, 38% of the organizations that were attacked admitted to paying the ransom.
“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos.
Furthermore, 56% of IT managers surveyed were able to recover their data from backups without paying the ransom compared to 44% in the Nigeria. Globally in a very small minority of cases (1%), paying the ransom did not lead to the recovery of data while in Nigeria it was in 10% of cases. This figure rose to 5% for public sector organizations. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% overall.
However, contrary to popular belief, the public sector was least affected by ransomware, with just 45% of the organizations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.