New research has found that ransomware attacks have affected more than a third of businesses worldwide over the last 12 months.
A report from IDC found that companies that fall victim once are highly likely to fall victim again, with businesses in the manufacturing and finance industries having the highest ransomware incident rates. The lowest rates were reported by those in the transportation, communications, and utilities/media industries.
Despite law enforcement agencies and cybersecurity experts warning against paying the ransom, as every payment funds further attacks and makes ransomware operators more capable, many organizations still decide to pay up. In fact, IDC says only 13% of firms reported being attacked and not paying.
The average ransom payment was almost a quarter of a million dollars, IDC says, adding that a few much larger payments (north of $1 million) skewed the average.
When it comes to defending against ransomware, American companies appear to be doing a markedly better job than the rest of the world, at least by self-reported incident rate: 7% in the US, compared to a global average of 37%.
Drilling deeper into how different organizations respond to ransomware, IDC found that many review and certify security and data protection/recovery practices with partners and suppliers. Some periodically stress-test their cyber-response procedures, while others share as much information as possible with threat intelligence providers and government agencies.
Finally, IDC found that companies further along their digital transformation road were less likely to fall victim to a ransomware attack.
“As the greed of cyber miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion,” said Frank Dickson, Program Vice President, Cybersecurity Products at IDC. “Welcome to digital transformation’s dark side!”
As long as they can expect a payment, ransomware operators don’t much care about the target’s size. Businesses of all sizes, from SMBs to large enterprises, are equally viable targets, and with employees on the front lines (and usually the weakest link in the security chain), organizations need to ensure proper cybersecurity and awareness training.
As Dickson said, ransomware has evolved. At the start, the premise was simple: encrypt all of the data on the target network and demand payment in cryptocurrency in exchange for the decryption key. Once businesses started restoring from backups (kept offline or otherwise out of the attacker’s reach, so they were not encrypted along with everything else) instead of paying up, ransomware operators began to steal data as well, threatening to release it online should the ransom not be paid.
Nowadays, many operators add DDoS to the mix, threatening to knock a company’s public-facing services offline until their demands are met.