All experts agree that ransomware is unpredictable, hard if not impossible to prevent, and is currently showing no signs of slowing. Businesses are facing numerous challenges from this evolving, dangerous threat, with Andy Buchanan from RES has said that this form of attack is hard to defend due to it being ‘chameleon-like’.
The report, which surveyed 540 CIOs, CISOs and IT Directors from companies with an average of 5,400 employees across the UK, U.S., Canada, and Germany, found that 40% of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20% had to stop business completely.
58% of UK companies pay up
The report found that many are paying attackers’ ransoms – even though the consensus is that companies should never comply with attacker demands. In 2016 the FBI said that in no circumstances should individuals or businesses pay to regain access to information.
Explaining why businesses should not pay up, Andy Buchanen said: “[not paying a ransom] is good advice for two reasons: firstly, there is no guarantee that you are going to get access to your data or, in the case that you do, the data could be compromised. The saying goes that there is no honour among thieves, and data held to ransom could well have been corrupted during the process, or backdoors left within it so hackers can regain access into your network at their leisure.” On average, 37% of organisations pay the ransom.
28% lost files
There are consequences to not paying the ransom, with more than one-quarter losing files because they did not pay. This should not come as a surprise – there is rarely a way to decrypt files without the key from the ransomware author. 32% of UK companies lost files after refusing to pay.
34% lost money
The report found that the impact of ransomeware attacks was significant among companies that were infected – which point to high value data being compromised. Globally, 34% of ransomeware attacks cause companies to lose revenue due to the inability to access encrypted files.
9 hours spent on remediation
The report found that more than 60% of those surveyed took more than 9 hours to remediate the impact of an attack.
60% demand over £1,000
Nearly 60% of all ransomware attacks in the enterprise demanded over £1,000. Over 20% of attacks asked for more than £10,000, £1% even asked for over £150,000.
3.5% fear loss of life
An amazing stat to come out of the Malwarebytes report was that 3.5% of companies said lives were at stake because of ransomware’s debilitating effects.
63% experienced severe downtime
Ransomware disrupts – that’s a fact. 63% of those surveyed spent more than an entire business day trying to fix endpoints.
4% confident in dealing with ransomware
One of the more worrying stats, made all the more worrying from the preceding figures in this article. Just 4% of organisations are ‘very confident’ in their ability to stop ransomware. 78% said they were somewhat or fairly confident, despite the fact that 80% of companies have been the victim of a cyber attack in the last 12 months. One in five were either not confident at all or only minimally confident is their ability to deal with ransomware.
Cyber criminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology. We are thrilled to be able to give companies a solution that can thoroughly protect them against ransomware threats.