Nearly 40% of businesses have experienced ransomware attacks in the last year according to new report “State of Ransomware”
Nearly 40% of businesses have experienced ransomware attacks in the last year, according to a new study. Of these victims, more than a third lost revenue and 20% percent had to stop business completely.
The report, “State of Ransomware,” was sponsored by Malwarebytes and conducted by Osterman Research to explore ransomware attack frequency, how it works in an enterprise environment, ransom cost, infiltration points, impact, preparedness and more.
Over the last 4 years, ransomware attacks have become one of the biggest cyber security threats, increasing 259% percent in the last five months alone. The study by Osterman Research examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.
Additional international findings include:
|Nature of attacks||46% of all ransomware attacks originated from email|
|Cost of attacks||Nearly 60% of all ransomware attacks in the enterprise demanded over $1,000. Over 20% of attacks asked for more than $10,000, 1% even asked for over $150,000.
|Many are paying the ransom||Globally, more than 40% of victims paid the ransom demands|
|Significant time spent on remediation||More than 60% of attacks took more than 9 hours to remediate|
|Frequency in Industries||Healthcare and financial services were the leading industries attacked with ransomware globally, both of which were targeted well above the average ransomware penetration rate of 39%|
|Potential loss of life||Amazingly, 3.5% even said lives were at stake because of ransomware’s debilitating effects|
|Severe downtime||63% spent more than an entire business day trying to fix endpoints|
|Switch from protection to disaster planning||The most popular way of addressing the problem is not through protection, but by backing up data > 71%|
In the United States alone, nearly 80% of companies have suffered a cyber attack in the last year and more than half of them experienced a ransomware incident. 70% percent of attacks impacted mid-level managers or higher, while 96% of U.S. organizations aren’t very confident in their ability to stop ransomware.
Key U.S. findings:
- Security attacks with ransomware are increasing: Nearly 80% of U.S. companies have suffered a cyber attack in the last year and more than half experienced a ransomware incident. US organizations are the most attacked among the countries surveyed.
- More than half of the U.S. attacks originated with email. Germany (61%) and the United States (59%) both see the highest level of ingress for ransomware through email, either through email attachments or malicious links in email messages. Email is much less common in the United Kingdom as an entry point for ransomware (39%) and in Canada (30%).
- Attacks are impacting more than initial endpoints: More than 40% of ransomware attacks in all four countries were successful in impacting more than a single endpoint, with nearly 10% of the attacks affecting more than one-quarter of the endpoints in the business.
- Security organizations are not confident in their defenses: Decision makers in U.S. organizations have a relatively low level of confidence in their ability to effectively stop ransomware and are less confident about ransomware prevention than their counterparts in Canada, Germany and the United Kingdom. 96% of U.S. organizations aren’t very confident in their ability to stop ransomware.
- Current enterprise security measures are weak against ransomware: Almost half of ransomware incidents in the U.S. occurred on a corporate desktop within the enterprise security environment.
- 44% of ransomware attacks on U.S. companies forced IT staff to work more than nine hours to remediate the incident. Globally, the figure is 63% of incidents that took more than nine hours to remediate.
More Here [malwarebytes]