A RECENT report by global cybersecurity leader, Sophos, highlights the growing financial burden and vulnerabilities faced by the Energy and Water sectors due to ransomware attacks. The study, titled “The State of Ransomware in Critical Infrastructure 2024,” reveals a concerning trend of escalating recovery costs and a high prevalence of attacks stemming from exploited vulnerabilities.
The median recovery cost for organizations in the Energy and Water sectors has quadrupled in the past year, reaching $3 million — a figure four times higher than the global cross-sector average. Notably, 49 percent of ransomware attacks against these sectors originated from exploited vulnerabilities, underscoring the need for heightened security measures.
Chester Wisniewski, global Field CTO at Sophos, explains the criminals’ motivations: “Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly. This makes utilities prime targets for ransomware attacks.”
He further elaborates on the unique challenges faced by utilities: “Unfortunately, public utilities are not only attractive targets but vulnerable to attacks on many fronts, including the requirement for high availability and safety, as well as an engineering mindset focused on physical security.”
In addition to rising recovery costs, the median ransom payment for organizations in these sectors surged to over $2.5 million in 2024, exceeding the global cross-sector median by $500,000. These sectors also experienced the second highest rate of ransomware attacks, with 67 percent of organizations reporting being hit in 2024, compared to the global average of 59 percent.
The report also highlights the increasing recovery times for Energy and Water sector organizations. Only 20 percent were able to recover within a week or less in 2024, a significant decrease from 41 percent in 2023 and 50 percent in 2022. This trend is concerning, especially considering the essential services these sectors provide.
Wisniewski emphasizes the ineffectiveness of paying ransoms, stating: “This once again shows that paying ransom payments almost always works against our best interests. An increasing number (61 percent) paid the ransom as part of their recovery, yet the amount time it took to recover was extended.”
To address these challenges, Wisniewski recommends proactive measures such as continuous monitoring for vulnerabilities, 24/7 response capabilities, and well-rehearsed incident response plans.
The Sophos report serves as a stark reminder of the growing threat of ransomware attacks, particularly in critical infrastructure sectors. It highlights the need for increased vigilance, robust security measures, and a proactive approach to mitigating the risks associated with cyberattacks.
