International Study Finds Nearly 40 Percent of Enterprises Hit By Ransomware in the Last Year

SANTA CLARA, Calif. – August 3, 2016 – Malwarebytes™, the leading advanced malware prevention and remediation solution, released new findings today on the growing threat to companies from ransomware. The multi-country study surveyed 540 CIOs, CISOs and IT Directors from companies with an average of 5,400 staff across the U.S., Canada, U.K. and Germany and found that nearly 40 percent of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20 percent had to stop business completely.

The report, entitled “State of Ransomware,” was sponsored by Malwarebytes and conducted by Osterman Research to explore ransomware attack frequency, how it works in an enterprise environment, ransom cost, infiltration points, impact, preparedness and more.

“Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone,” said Nathan Scott, Senior Security Researcher at Malwarebytes and ransomware expert. “Until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.”

Additional international findings include:

  • Nature of attacks: Nearly half of attacks (46 percent) originated from email.
  • Cost of attacks: Nearly 60 percent of all ransomware attacks in the enterprise demanded over $1,000. Over 20 percent of attacks asked for more than $10,000, 1 percent even asked for over $150,000.
  • Many are paying the ransom: Globally, more than 40 percent of victims paid the ransom demands.
  • Significant time spent on remediation: More than 60 percent of attacks took more than 9 hours to remediate.
  • Attacks frequent in certain industries: Healthcare and financial services were the leading industries attacked with ransomware globally, both of which were targeted well above the average ransomware penetration rate of 39 percent.
  • Potential loss of life: Amazingly, 3.5 percent even said lives were at stake because of ransomware’s debilitating effects

Severe downtime: 63 percent spent more than an entire business day trying to fix endpoints

  • Switch from protection, to disaster planning: The most popular way of addressing the problem is not through protection, but by backing up data (over 71 percent).

Survey findings specific to Canadian organizations show that companies in Canada are most likely to pay ransom demands (75 percent) compared to their counterparts in Germany the U.S. and the U.K. 82 percent of Canadian organizations also lost files.

Key Canadian survey findings include:

  • Security attacks with ransomware are increasing: 72 percent of Canadian companies suffered a security attack in the last 12 months; with more than a third being hit with ransomware. US organizations are the most attacked among the organizations surveyed with 80 percent suffering a cyber attack in the last year and more than half experienced a ransomware incident.
  • Ransomware moves well beyond the initial compromised endpoint: Among the regions surveyed, Canada ranked highest for ransomware penetration with 42 percent of attacks affecting 26 percent or more of the corporate network.
  • Upper management and C-Level executives are at higher risk: Canadian survey results show that 22 percent of attacks impacted mid-level managers or higher, with 8 percent of incidents attacking senior executives and the C-Suite.
  • Business has a high risk: The business impact in Canada was high, with 43 percent of the organizations surveyed expressing lost revenue and 25 percent revealing a stop in business due to ransomware. Eleven percent claimed that lives were at risk from ransomware, the highest percentage among the regions surveyed.
  • Canada almost always paid the ransom: Canadian organizations were the most likely to pay ransom demands (75 percent) and if they didn’t pay, 82 percent lost files.
  • Highest cost of ransom: The cost of ransomware attacks in Canada is much higher than in the U.S., with nearly 65 percent of attacks costing between $1000 – $50,000.
  • Business applications are the top vector for spreading ransomware: Business applications are a more common entry point for ransomware (18 percent) in Canadian organizations than they are in the other nations surveyed. More than half of the US attacks originated with email. Email links are a much less likely source of ransomware entry than in other nations, possibly because of Canada’s very strict anti-spam laws.
  • False sense of security: With an increase in ransomware-based attacks, the highest penetration rate and business disruption, Canadians have a false sense of security with 51 percent fairly confident in their ability to stop ransomware.
  • Ransomware attacks target healthcare and financial services: Healthcare and financial services were the leading industries attacked with ransomware globally, both of which were targeted well above the average ransomware penetration rate of 39 percent.

To address this issue head on, Malwarebytes also announced today, new anti-ransomware additions to Malwarebytes Endpoint Security, an innovative platform that delivers powerful multi-layered defense for smart endpoint protection against malware and ransomware. Later this month, Endpoint Security platform customers will have access to signature-less behavioral monitoring technology that automatically detects and blocks both known and unknown ransomware, greatly reducing vulnerability to these attacks.

“The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes. “Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology. We are thrilled to be able to give companies a solution that can thoroughly protect them against ransomware threats.”