Ransomware attacks increasingly target ERP systems

New research by Onapsis reveals that ransomware is becoming increasingly prevalent, with many enterprises finding themselves in communication with the perpetrators.

The data indicates that 69% of enterprises have interacted with ransomware threat actors, suggesting a significant rise in ransomware attacks targeting Enterprise Resource Planning (ERP) applications.

The findings suggest a worrying trend: 83% of organisations encountered at least one ransomware attack in the past year. Furthermore, 46% of respondents experienced four or more ransomware attacks within the same timeframe, while 14% reported experiencing ten or more.

One of the most significant impacts of ransomware attacks is downtime. Of those respondents who experienced at least one ransomware attack in the past year, 61% reported a downtime of at least 24 hours following an incident. This extended downtime has considerable repercussions for business operations, often resulting in substantial financial losses.

The research underscored that ERPs are frequent targets. A striking 89% of organisations affected by ransomware attacks reported that their ERP applications and systems were compromised at least once. This is particularly concerning given the critical role these systems play in managing core business functions. Additionally, 93% of the respondents emphasised the necessity of having dedicated ERP security solutions, highlighting the insufficiency of general security measures in protecting these vital systems.

Mariano Nunez, CEO of Onapsis, commented on the significance of these findings: "While the volume of these attacks isn't surprising, the increasing impact on ERP applications is notable, and it will only get worse amidst AI-enabled threats." Nunez further elaborated that ransomware actors now realise that disrupting ERP and business-critical applications provides them with significant leverage, as downtime can be measured in millions of dollars per hour for large organisations. "The research is very clear in that generic security solutions on the market are falling short. Enterprises need a purpose-built, comprehensive solution to protect their mission-critical ERP platforms from this increasing threat," he added.

The study also delved into how organisations handle ransomware attacks. When asked if they communicated with the actors behind these attacks, 69% of respondents confirmed that they had. As for the contentious issue of paying ransoms, responses were mixed: 34% admitted to paying every time, 21% only on occasion, and 45% stated they never pay. Interestingly, 83% of organisations that had paid a ransom at least once reported working with a ransomware broker to manage these interactions.

The prevalence of ransomware attacks has mandated changes in cybersecurity strategies for many organisations. According to the survey, 96% of organisations realised a need to adapt their approaches. Consequently, 57% of respondents invested in new solutions, 54% in employee training, 53% increased their internal cybersecurity staff, and 36% hired external threat research teams.

The survey was conducted by Sapio Research and included responses from 500 cybersecurity practitioners at managerial level and above, from organisations with over 500 employees in the UK and the DACH region. The data was collected online in June and July 2024.

Gartner's research, referenced in the study, identified AI-enhanced malicious attacks as a top emerging risk for enterprises in the first quarter of 2024. This aligns with the growing concerns expressed by the survey participants regarding the impact of AI on the sophistication and frequency of ransomware attacks targeting critical business systems.