The number of IT decision makers in the Emirates who say they got hit by a ransomware attack is down 11 percentage points from last year, according to security company Sophos. The bad news: This likely means that bad actors have moved to more focused and custom-crafted attacks.

The number of enterprises affected by ransomware is still significant. Thirty-eight percent of the UAE tech executives polled by Sophos in its latest report said they were attacked with ransomware during the past year.

is a form of  that encrypts a victim’s files. Once the victim’s system is infected, the attacker demands money from the victim to recover the encrypted data, usually by supplying a decryption key.

Attackers using ransomware are taking advantage of newly remote workers, growing pools of data, and more sophisticated hacking techniques. The Middle East is especially vulnerable to ransomware because until recently, enteprises in the region have had relatively little experience with remote work and off-premises data storage.

In the UAE, the average cost of remediating a ransomware attack declined from the $696,305 reported a year ago, but remains above the half-million dollar mark, at  $517,961, Sophos said. Globally, remediation costs have increased.

Ransomware remediation costs globally rose from an average of $761,106 in 2020 to $1.85 million in 2021, which means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, Sophos said. Remediation costs include business downtime, lost orders, operational costs.

Paying ransom does not guarantee file recovery

In the Middle East, 28% of the organizations  hit by ransomware paid a ransom, but that did not guarantee they got their data back. “Only a tiny minority of those who paid got back their data,” said Chester Wisniewski, principal research scientist at Sophos, in a press release.  Part of the reason could be because it’s complicated to recover data using decryption keys, and some ransomware code is poor quality, which can make it more difficult to recover information even with a key, Wisniewski said.

“The apparent decline in the number of organizations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviours,” said Chester Wisniewski, principal research scientist, Sophos. “We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking.” This means that the attacks are more complex, and generally harder to recover from, which is one reason for the gloabl rise in remediation costs, Wisniewski said.

Ransomware tips for overwhelmed IT teams

Sophos surveyed 5,400 IT executives in medium-size organizations in Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa. Fifty-four percent of those polled said cyberattacks are too advanced for their IT team to deal with on their own.

Sophos offer a number of recommendations, stressing the importance of making backups and offline copies of files. The company also recommends using layered protection strategy, including a mix of human security experts as well as anti-ransomware technology (Sophos itself makes such products).

Finally, the company says, do not pay ransom. Not only does it encourage more attacks, but victims do not usually get all of the their data back and sometimes get no data back.