Sophos published its The State of Ransomware in Critical Infrastructure 2024 report yesterday offering a comprehensive glimpse into the state of ransomware within the energy, oil/gas, and utilities sector in 2024. The report sheds light on persistent challenges and evolving trends in the sector, highly applicable to the water and wastewater systems sector. While the report indicates that recovery rates have remained steady, there is a growing trend of critical infrastructure organizations choosing to pay the ransom rather than use their backups for data recovery. Some of the findings include:

Attack Trends

• 67% of organizations in the sector fell victim to ransomware attacks, with 98% of them facing attempts to compromise backups, 79% being successful.
• Data encryption affected 80% of ransomware incidents, mirroring the previous year's trend, with a mean recovery cost of $3.12 million.

Data Recovery Methods

• A noticeable decline in using backups for data recovery was observed, as 61% of organizations opted to pay the ransom instead of resorting to backups.
• 35% of affected entities utilized multiple data recovery methods, showcasing increased resilience and preparedness across the energy, oil/gas and utilities sector.

Ransom Payments

• Entities across energy, oil/gas and utilities exhibited the highest propensity to pay the exact ransom amount demanded compared with other industries, with 48% of victims matching the original sum.
• 26% of victims paid less than the initial demand, while 27% paid more.
• The average (median) payment was $2.5 million in 2024.

The report underscores the need for robust backup strategies throughout critical infrastructure. As ransomware attacks continue to pose serious threats, it is imperative for utilities to prioritize data protection, resilience planning, and diversified recovery approaches to mitigate potential risks effectively. To access the full report, visit Sophos.