The average ransom paid in 2021 was about 3 million rubles, the average downtime of an attacked company was 18 days
MOSCOW, September 23. /TASS/. Over the last two years 27.4% of Russian entrepreneurs have been targeted by cyberattacks, while 59.4% of them have managed to avoid this problem, according to a study conducted by Group-IB and The Bell publication. The results were presented at a meeting of the Bell.Club on Thursday.
“According to the poll, 27.4% of Russian entrepreneurs were the targets of cyberattacks over the past two years, the majority (59.4%) claim that they were not affected by this problem and they “were lucky,” while another 13% do not know if their businesses were subjected to attacks because their IT specialists or a security service should deal with this issue,” the study says.
“More than half of the businessmen surveyed (50.9%) consider encryption software to be a dangerous threat, and about the same percentage (51.9%) are convinced that their company is “rather unprotected from cryptographic attacks,” the study says.
Group-IB added that the number of attacks on organizations in Russia this year has soared by more than 200%.
According to the study, 50% of respondents are aware of the fact that e-mail in 40-60% of cases is a point of penetration into the network. However, 50% do not use additional e-mail protection technologies, limiting themselves to built-in capabilities. About 16% don't think about email protection.
About data ransom
The amount of ransom that malefactors demand from Russian companies depends on the size of the organization and varies from several hundred thousand to tens of millions of rubles.
The average ransom paid in 2021 was about 3 million rubles ($41,212), the average downtime of an attacked company was 18 days, Group-IB noted.
The majority of respondents (77.4%) reported that they were not ready to pay the ransom to fraudsters, while 17.9% were ready to give 5 million rubles ($68,689), 3.7% – 10 million rubles ($137,371), 1% – 100 million rubles ($1.4 mln).
A third of the entrepreneurs interviewed (33%) said that stopping for a few hours is already critical for their business, for another 30% it is downtime for one day which is critical.
“Although the results of our study look quite optimistic, they revealed a paradox: most of the respondents know that they are not protected from attacks, they are aware of the danger of ransomware, but at the same time they do not try to effectively protect themselves against them. So far, I have not seen an e-mail one could not “pierce,” Oleg Skulkin, deputy head of the laboratory of computer forensics at Group-IB said as quoted in the statement.
“The illusion of security is fueled by the fact that there is no high-profile news with huge ransoms, neither in the West, nor in Russia. But this is only a matter of time,” he added.