According to a new analysis from cybersecurity firm Sophos, ransomware attacks are hitting the energy and oil and gas sectors harder, costing utilities more in recovery time and money as victims appear to be more inclined to pay ransom demands.

Ransomware Attacks: A Growing Threat

The report examines ransomware's impact on critical infrastructure firms and is based on more than 200 responses from a larger survey of 5,000 cybersecurity and IT leaders conducted in January and February. Sophos reported that the global ransomware attack rate appears to be decreasing. Still, researchers discovered that recovery times for energy, oil and natural gas, and utilities have been gradually growing since at least 2022.

This slowness could represent the increased complexity and severity of attacks, needing more recovery labor. According to the paper, this also implies a rising lack of recovery planning.

Vulnerabilities in the Energy Sector

According to the report, more than half of energy, oil and gas, and utility ransomware victims required more than a month to recover, up from 19% in 2022.

The Biden administration has spent recent months warning about Chinese-backed infiltrations into sensitive civilian and military critical infrastructure. Security officials have stated that the "Volt Typhoon" hackers may attempt to impair essential infrastructure serving people to influence public opinion as tensions rise in Taiwan. 

Researchers cautioned that cyberattacks on IT infrastructure, such as bill payment systems, can influence operations and services, implying that even if an attack solely impacts the IT side of the business, key functions such as energy generation and transmission may be affected.

"There's a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication," Chester Wisniewski, global field chief technology officer at Sophos, said in a news statement. "Like hospitals and schools these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities, and the monitoring required for early detection and response."

The Cost of Ransomware Attacks

As reported by Sophos, nearly half of all successful assaults were caused by an unpatched or untreated vulnerability, with compromised credentials accounting for slightly more than a quarter. According to the researchers, the energy, oil and gas, and utilities sectors are the "most likely to fall victim to the exploitation of unpatched vulnerabilities."

Furthermore, that same group is more inclined to pay a ransom to restore encrypted data rather than relying on backups.

According to the report, this is the first time that energy, oil/gas, and utility firms have reported a higher propensity to pay the ransom rather than employ backups.

The Rising Tide of Ransomware

While the survey highlights how ransomware remains one of the most disruptive to critical infrastructure operations, the general lack of information in the larger threat picture due to low reporting rules suggests that the true cost of ransomware could be significantly greater. 

The Cybersecurity and Infrastructure Security Agency is now working on a rulemaking process that will require many critical infrastructure businesses to report significant cyber events, with the final rule likely early next year.