Attack rates and recovery rates have remained steady<\/h2>\n
67% of energy, oil\/gas and utilities organizations were hit by ransomware in 2024, identical to the attack rate reported in 2023.<\/p>\n
![\"atttack](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/atttack-rate.png\")
<\/p>\n
98% of energy, oil\/gas and utilities organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Four in five (79%) of these backup compromise attempts were successful, the highest rate of successful backup compromise across all sectors.<\/p>\n
80% of ransomware attacks on energy, oil\/gas and utilities organizations resulted in data encryption in 2024, in line with the encryption rate reported by this sector in 2023 (79%) but higher than the 2024 cross-sector average of 70%.<\/p>\n
The mean cost in energy, oil\/gas and utilities organizations to recover from a ransomware attack was $3.12M in 2024, similar to the $3.17M reported in 2023.<\/p>\n
Devices impacted in a ransomware attack<\/h2>\n
On average, 62% of computers in energy, oil\/gas and utilities are impacted by a ransomware attack, considerably above the cross-sector average of 49%. Unlike other sectors where only a small percentage of organizations have their full environments encrypted, approximately one in five energy, oil\/gas and utilities organizations (17%) reported that 91% or more of their devices were impacted.<\/p>\n
![\"devices](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/devices-impacted.png\")
<\/p>\n
The propensity to use backups for data recovery has decreased<\/h2>\n
61% of energy, oil\/gas and utilities organizations paid the ransom to get encrypted data back, whereas only 51% restored encrypted data using backups \u2013 the lowest rate of backup use reported across all sectors. This is the first time that energy, oil\/gas and utilities organizations have reported a higher propensity to pay the ransom than use backups. In comparison, globally, 56% paid the ransom, and 68% used backups.<\/p>\n
This year\u2019s findings represent a marked change from the previous two years when the sector enjoyed impressive rates of backup use (70% in 2023 and 77% in 2022).<\/p>\n
![\"data](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/data-recovery.png\")
<\/p>\n
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). This time, 35% of energy, oil\/gas and utilities organizations that had data encrypted reported using more than one method, higher than the 26% reported in 2023.<\/p>\n
Critical Infrastructure victims don\u2019t often pay the initial ransom sum demanded<\/h2>\n
86 energy, oil\/gas and utilities respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2.5M in 2024.<\/p>\n
A little less than half (48%) of respondents said their payment matched the original request. 26% paid less than the original demand, and 27% paid more.<\/p>\n
Looking at the data by industry, energy, oil\/gas and utilities has the highest propensity to pay the original ransom amount demanded by attackers. It is also the sector with the second lowest propensity to pay less than the original demand.<\/p>\n
![\"ransom](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/ransom-payment.png\")
<\/p>\n