Crippling threat…20 percent of firms hit by ransomware had to cease business operations
Malwarebytes has published in-depth research into the enterprise ransomware problem, and the findings make for shocking reading.
The survey examined how 500 CIOs, CISOs and other senior IT staff at firms with 5,400 staff in the US, Canada, UK and Germany are coping with the ransomware problem.
And the answer is not well.
Among Malwarebytes’ shock findings in its “State of Ransomware” report is that nearly 40 percent of enterprises around the world have been hit by ransomware in the last year.
But to make matters worse, 34 percent of those firms have lost revenue, and even more worryingly 20 percent had to stop business completely.
And depressingly the research found that more than 40 percent of enterprises had paid the ransom, showing the clear lack of effective backup strategies at many businesses. And more than 60 percent of attacks took more than nine hours to resolve.
That said, there has been a spate of ransomware attacks on hospitals of late, and 3.5 percent of respondents admitted that lives were at stake because of ransomware’s debilitating effects for healthcare. Other sectors to see frequent attacks were financial organisations.
Attackers it seems are demanding on average over $1,000 (£767) according to 60 percent of firms. But 20 percent of firms said that the attackers had demanded more than $10,000 (£7,677). One percent of firms had experienced demands for over $150,000 (£115,146).
“Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone. The impact on businesses around the world has been significant,” said Nathan Scott, Technical Project Manager at Malwarebytes. “Until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.”
The research also painted a bleak picture for the UK. ESET, for example, has previously warned that the UK was being heavily targeted by ransomware.
But Malwarebytes found that the UK suffered the highest percentage of ransomware attacks out of all those asked. 54 percent of senior IT staff in the UK admitted to ransomware attacks despite seemingly being confident in their ability to stop it (87.2 percent). It seems that CIOs, CISOs and IT Directors are also the keenest to pay the ransom; and the UK loses the most money to ransomware. Indeed, 60 percent said the attack cost the company financially, nearly 10x more than US counterparts.
Despite this, training remains worryingly non-existent, with UK IT managers the least likely to put any kind of ransomware training in place.
As part of the publication of this research, Malwarebytes has made new anti-ransomware additions to Malwarebytes Endpoint Security (MBES), to help firms protect themselves from the ransomware threat.
“The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes. “Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology.”
Meanwhile researchers at the University of Florida claimed recently to have developed technology that can stop ransomware attacks before they cause too much damage.
Earlier this year the gang behind the TeslaCrypt ransomware shut down their criminal operation and apologised. The gang also handed over the universal master decryption key to the malware to security researchers ESET.