A survey exposes that, in the course of the last year, 50% of American companies have faced a least one ransomware attack.
The report was assigned to Osterman Research by the security firm Malwarebytes and helped experts get a much clearer picture of the ransomware problem in the U.S.
In June 2016, Osterman Research conducted 540 surveys of companies in the U.S, Canada, the UK and Germany. All executives familiar with the company`s security issues, including the CIO, the IT manager, the IT director, were asked to complete the survey.
After processing their responses the researchers faced a very dark picture describing ransomware threat in the United States.
Ransomware was described as a “concern” or “extreme concern” by 50% of the organizations included in the survey. This description didn’t come as a surprise given the fact the more than 40% of the interviewed companies confirmed that they have been targeted by ransomware between 1 and 5 times during 2015. 1% even stated that they have experienced more than 20 attacks.
In 78% of the cases when an U.S-based organization was attacked it wasn’t just the organization that suffered. Its affiliates like vendors, customers and students were also personally affected and in 12% of the cases, the business was forced to close down immediately. However, the ransomware attacks weren’t evenly divided between all sectors. The financial services and the healthcare sector were found to be most appealing to cybercriminals. The authors of the study weren’t at all shocked by this statistic.
“These industries are among the most dependent on access to their business-critical information, which makes them prime targets for ransomware-producing cyber criminals. Cyber criminals, hoping that organizations will not having ransomware detection technologies in place or will not have recent backups of their data from which they can recover, are more likely to target organizations in these industries, particularly for highly targeted, spearphishing-like attacks.” – authors of the study state.
The bad news is that most of the American companies don’t really know how to properly react in a case of ransomware attack. In fact, only 4% said that they felt “very confident” when it comes to their ability to stop the ransomware without paying the ransom. This means that other 40% of attacked organizations had to pay up to get rid of the problem.
And yet, U.S. organizations haven’t lost hope. They strongly believe that implementing anti-ransomware technology and users trainings are the two most important weapons to fight ransomware. Security teams should also make sure all important data is backed up on regular bases and that the company’s endpoints are continuously monitored for malicious activity. While trying to cope with the dangerous IT environment they are currently operating, companies advise users to keep their eyes opened for any link or email that is out of the ordinary.