In fact Canadian organizations were the most likely to pay ransomware demands and the most likely to lose files if they chose not to pay.
Advertisement
Around 60 per cent of attacks demand $1,000 to unlock data, while 20 per cent ask for more than $10,000 and one per cent ask for over $100,000.
Nathan Scott, Senior Security Researcher at Malwarebytes, commented: “Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing 259% in the last five months alone”.
US businesses victimized by the malware generally didn’t suffer a heavy toll, and only 6 percent of them reported losing revenue.
Ransomware is now on track to become the most prevalent form of malware affecting business, with nearly 40 percent of businesses experiencing a ransomware attack a year ago alone.
Ransomware was described as a “concern” or “extreme concern” by 50% of the organizations included in the survey.
Security firm Malwarebytes sponsored the study, which found in June that 41 percent of US businesses had at least encountered between one to five ransomware attacks in the previous 12 months. 1% even stated that they have experienced more than 20 attacks.
The survey said this was probably because the ransomware attacks in the United States often target lower-level employees and tend to only infect a few computers.
In the United States alone, almost 80 percent of companies have suffered a cyber attack in the a year ago and more than half experienced a ransomware incident.
Ransomware attacks target healthcare and financial services: Healthcare and financial services were the leading industries attacked with ransomware globally, both targeted well above the average ransomware penetration rate of 39 percent. Training is also an issue, as United Kingdom firms are the least likely to stump up for it; for nine percent of firms hit by ransomware their entire systems had been locked down, suffering total operational blackout until a ransom was paid. This is in stark contrast to the USA, where 97 percent of the companies surveyed did not pay the ransom.
The report found that the impact of ransomware attacks was significant among companies that were infected – which points to high value data being compromised.
Compared to companies in other countries, USA businesses tend to offer employees and other end users less training on how to detect and prevent ransomware, according to the study. Of those surveyed here 51 per cent said they were fairly confident in their ability to stop ransomware, with another 16 per cent very confident.
Advertisement
Current enterprise security measures are weak against ransomware: nearly half of ransomware incidents in the USA occurred on a corporate desktop within the enterprise security environment. On average 36 per cent of all those who had been victimized said their firms spent between nine and 16 hours on remediation, while 25 per cent said their organizations spent up to 24 hours.
