Half of the companies in Singapore hit by ransomware attacks paid the ransom to recover their data, according to the sixth annual State of Ransomware report by cybersecurity firm Sophos.
While a significant number of companies paid, the median ransom payment in Singapore dropped to US$365,565 ($285,775) this year, a notable decrease from US$760,000 last year. Nearly two in five (39%) businesses successfully negotiated a lower amount, either directly or through a third party.
“Many companies are arming themselves with resources to limit damage. This includes hiring incident responders who can not only lower ransom payments but also speed up recovery and even stop attacks in progress,” says Chester Wisniewski, director, field CISO, Sophos.
Even for companies that pay, recovery from a ransomware attack is not immediate. Over half (53%) of companies took a week to recover, while 22% experienced recovery times of up to six months. Beyond the ransom, Singaporean companies incurred an average cost of US$1.54 million this year to fully recover from an attack.
The leading causes of ransomware attacks in Singapore include phishing (36%), malicious emails (29%), and compromised credentials (17%). Operationally, key contributing factors cited by Singaporean respondents were a lack of adequate protection (47%) and limited personnel or capacity (43%), underscoring ongoing gaps in local cybersecurity readiness.
“Ransomware can still be ‘cured’ by tackling the root causes of attacks: phishing, lack of visibility into the attack surface, and too few resources. We’re seeing more companies recognise they need help and are moving to Managed Detection and Response (MDR) services for defence. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start,” says Wisniewski.