The latest annual report from Sophos on ransomware developments for state and local government paints a mixed picture:
On the one hand, the report reveals a promising 51% reduction in ransomware attacks in 2024 compared to the previous year. On the other hand, those organizations that were hit experienced increasingly severe outcomes, including skyrocketing recovery costs and a troubling rise in data encryption rates.
A Sharp Decline in Attack Rates
In 2024, 34% of state and local government organizations reported being targeted by ransomware, down from 69% in 2023. That 34% is the lowest attack rate among all sectors surveyed, which suggests that improved defenses and awareness may be paying off. However, the decline in attack frequency does not tell the whole story.
Rising Costs and Data Encryption Rates
While fewer attacks occurred, the ones that did were more devastating. A staggering 98% of ransomware incidents in 2024 resulted in data encryption, a dramatic increase from 76% in 2023. This marks the highest rate of encryption across all sectors studied this year, indicating that when attackers succeed, they are more likely to inflict severe damage.
The financial impact of these attacks has also escalated sharply. The average cost to recover from a ransomware incident for state and local governments more than doubled, soaring to $2.83 million in 2024, up from $1.21 million the previous year. This increase reflects the growing complexity and resource intensity required to recover from these attacks, including costs related to downtime, restoration, and potential ransom payments.
The Role of Backups and Ransom Payments
Backups continue to play a crucial role in ransomware recovery efforts. In 2024, 78% of state and local government organizations used backups to restore encrypted data, making backups one of the most effective defenses against ransomware. However, there is a concerning trend of organizations increasingly resorting to paying ransoms. This year, 54% of affected entities paid the ransom to regain access to their data, slightly below the global average of 56%.
Moreover, the study reveals that more organizations are now using multiple recovery methods. In 2024, 44% of those whose data was encrypted used both backups and ransom payments to recover, a significant jump from just 11% in 2023. This shift suggests either growing desperation or a deliberate decision to hedge recovery efforts by using every available option.
Lessons Learned and Mitigation Strategies
Sophos’ findings underscore the importance of robust, layered defenses against ransomware. The report recommends that state and local government organizations:
• Prioritize Backup Integrity: Given that 99% of ransomware attacks included attempts to compromise backups, ensuring that backup systems are secure and regularly tested is essential.
• Enhance User Training: Continuous staff training on identifying and responding to potential ransomware threats can reduce the likelihood of an attack succeeding.
• Implement Access Controls: Restricting access to sensitive systems and data can minimize the risk of ransomware spreading within an organization.
• Engage with Law Enforcement: Working closely with law enforcement agencies can provide valuable support during an attack and help improve overall security posture.
While the decline in ransomware attacks is encouraging, the increased severity of successful breaches highlights the need for continued vigilance and proactive security measures. State and local governments must remain committed to strengthening their defenses, ensuring backup reliability, and carefully considering the implications of paying ransoms.