Ransomware attacks are hitting energy, oil and gas sectors especially hard, report finds
Ransomware attacks are hitting the energy, oil and gas sectors harder, costing utilities more in recovery time and funding as victims appear increasingly willing to pay ransom demands, according to a new report from the cybersecurity firm Sophos.
The report looks at ransomware impacts to critical infrastructure organizations and is based on more than 200 responses from a wider survey of 5,000 cybersecurity and IT leaders taken in January and February. Sophos said that the ransomware attack rate appears to be falling globally, but researchers found that recovery times for energy, oil and natural gas, and utilities have been steadily increasing since at least 2022.
“This slowdown may reflect the increased complexity and severity of attacks, necessitating greater recovery work. It may also indicate a growing lack of recovery preparation,” the report notes.
The report found that more than half of energy, oil and gas and utilities ransomware victims took more than a month to recover, up from 19% in 2022.
The Biden administration has spent the past few months warning about Chinese-backed infiltrations into sensitive civilian and military critical infrastructure. Security officials have pointed out that those “Volt Typhoon” hackers may try to disrupt critical infrastructure servicing civilians in an effort to change public opinion amid increasing tensions around Taiwan.
Experts have warned that cyberattacks on IT infrastructure, like bill payment systems, can affect operations and the services provided, meaning that even if an attack only affects the IT side of the business, critical services like energy generation and transmission can be impacted.
“There’s a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication,” Chester Wisniewski, global field chief technology officer at Sophos, said in a press release. “Like hospitals and schools, these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities and the monitoring required for early detection and response.”
According to Sophos, nearly half of successful attacks occurred because of an unpatched or unmitigated vulnerability, while just over a quarter were due to compromised credentials. Researchers also noted that energy, oil and gas, and utilities make up the sector “most likely to fall victim to the exploitation of unpatched vulnerabilities.”
Additionally, that same group is more likely to pay a ransom demand to retrieve encrypted data than to use backups to recover.
“This is the first time that energy, oil/gas, and utilities organizations have reported a higher propensity to pay the ransom than use backups,” the report noted.
While the survey does highlight how ransomware is still one of the most disruptive threats to critical infrastructure operations, the general lack of understanding of the wider threat landscape due to lax reporting laws means that the true cost of ransomware could be much higher. The Cybersecurity and Infrastructure Security Agency is going through a rulemaking process requiring many critical infrastructure organizations to report substantial cyber incidents, with the final rule expected early next year.