Ransomware report finds 43% of data is unrecoverable after an attack

According to a report released Tuesday by Veeam, ransomware victims permanently lose an average of 43% of the data affected by an attack.

The Veeam Ransomware Trends Report 2024 is based on a survey of 1,200 CISOs, security professionals and backup administrators who were victims of a ransomware attack in 2023. It shows that many organizations are not prepared to recover from an attack, although the vast majority have appropriate incident response plans and policies in place.

96 percent of attacks target backup repositories, and 76 percent of attacks are successful in overcoming them. Organizations should therefore consider alternative backup sites, ensure that backup repositories are immutable and/or physically separated, and work to better harmonize collaboration between cybersecurity, IT and backup administration teams, the report says.

“The attack will be worse than you imagined and cost more than you expect,” the Veeam report says. “Organizations should create cyberattack preparedness plans that include expanding the use of immutable repositories, isolating and authenticating backup systems, and verifying the recoverability of backups within the organization to ensure established SLAs.”

Most ransomware victims pay ransom, but many still lose data

81% of respondents to Veeam’s 2024 Ransomware Trends survey said their organization paid a ransom, but only two-thirds of those respondents were actually able to recover their data. On the other hand, 15% of respondents did not pay a ransom but were still able to recover their data, thus reaping the benefits of reliable data backup.

While the average ransomware payment in Q4 2023 was about $568,000, according to Coveware, the ransom itself only averaged about 32% of the total cost of an attack, according to the Veeam report.

Responses to the survey show that cyber insurance is not always an effective solution to cover costs. Only 65 percent of respondents used their insurance to cover costs, although 86 percent said they could have done so. Alternatively, 21 percent paid a ransom without making a claim with their cyber insurance provider.

Best backup practices for recovering from a ransomware attack

Veeam has made three key recommendations based on the findings of its Ransomware Trends Report. The first emphasizes the importance of alignment between security teams, backup teams and executive management.

More than 60% of survey respondents said that the coordination between IT backup teams and cybersecurity teams needs to be significantly improved or completely overhauled. The most common problem is “the lack of integration between backup tools and cybersecurity tools.” Backup administrators in particular were the most dissatisfied with the coordination between the teams.

The report’s second recommendation called for better preparation, focusing specifically on the reliability of backup infrastructure. Veeam suggests a wide range of backup sources, including disk, tape and cloud. While 97% of respondents said their organization had a “ransomware response playbook,” only 33% said their plan included provisions for alternative backups, and only 20% had an isolation plan.

Finally, organizations are urged to ensure that their backup data is clean and can be reliably restored. A backup alone does not guarantee that the data can be effectively restored, as demonstrated by the fact that on average only 57% of data affected by an attack can be recovered. Organizations should regularly test the recoverability of their backup data and use immutable repositories to ensure that the data is “clean.”

Additionally, ransomware victims should not restore their data directly to their production environment after an attack. Despite the risk of reinfection, the survey found that 63% of organizations did not quarantine or sandbox their backups before restoring. Despite the pressure to restore operations as quickly as possible, organizations should take the time to thoroughly scan and test their backup environment to ensure full recovery.