Recovery costs from ransomware attacks on energy and water sectors have quadrupled to $3 million over the past year, a new report reveals.
Cybersecurity firm Sophos’s “State of Ransomware in Critical Infrastructure 2024” study found these costs are four times higher than the global cross-sector median.
Nearly half (49%) of ransomware attacks against these critical infrastructure sectors exploited vulnerabilities, the report said.
Chester Wisniewski, Sophos’s global Field CTO, said criminals target utilities to cause maximum disruption, hoping for quick ransom payments to restore essential services.
Recovery times have lengthened significantly. Only 20% of affected organizations recovered within a week in 2024, down from 41% in 2023 and 50% in 2022. Over half (55%) took more than a month to recover, up from 36% in 2023.
This contrasts with other sectors, where 35% of companies took over a month to recover.
The energy and water sectors also reported the highest rate of backup compromise (79%) and third-highest rate of successful encryption (80%) among surveyed industries.
These findings underscore the growing cybersecurity challenges faced by critical infrastructure, particularly in energy and water sectors. The steep rise in recovery costs and extended downtime highlight the urgent need for improved security measures and resilience strategies.