All experts agree that ransomware is unpredictable, hard if not impossible to prevent, and is currently showing no signs of slowing. Businesses are facing numerous challenges from this evolving, dangerous threat, with Andy Buchanan from RES recently telling CBR that this form of attack is hard to defend due to it being ‘chameleon-like’.
He said: “The threat itself has become more chameleon-like, but it’s not necessarily becoming any more sophisticated. Instead, how it’s being executed is changing, whether that’s being coded entirely in JavaScript or inserting ransomware into working memory in order to avoid detection by most security software. Hackers are using a combination of traditional and new techniques, which links back to the earlier point about unpredictability. It’s one of the hackers’ biggest advantages.”
Security company Malwarebytes has thrown further light on the current state of ransomware, with findings that should provide a huge red flag to businesses everywhere. Looking at the company’s ‘State of Ransomware’ report, CBR picks out the key findings – findings which highlight why ransomware has evolved into one of the biggest cyber security threats in the wild.
40% attacked
The report, which surveyed 540 CIOs, CISOs and IT Directors from companies with an average of 5,400 employees across the U.S., Canada, U.K. and Germany, found that 40% of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20% had to stop business completely.
54% of UK companies hit
Companies in the UK were found to experience more ransomware attacks than the other countries surveyed – pointing to the fact that the UK has a bigger ransomware problem. 54% of UK companies were found to have been hit by a ransomware attack, compared to 47% in the United States. However, Malwarebytes did say that the difference may be due to the difference in sample population – the UK sample had a higher proportion of financial services firms, which may have skewed the results.
58% of UK companies pay up
The report found that many are paying attackers’ ransoms – even though the consensus is that companies should never comply with attacker demands. In 2016 the FBI said that in no circumstances should individuals or businesses pay to regain access to information.
Explaining why businesses should not pay up, Andy Buchanan said: “[not paying a ransom] is good advice for two reasons: firstly, there is no guarantee that you are going to get access to your data or, in the case that you do, the data could be compromised. The saying goes that there is no honour among thieves, and data held to ransom could well have been corrupted during the process, or backdoors left within it so hackers can regain access into your network at their leisure.” On average, 37% of organisations pay the ransom.
28% lost files
There are consequences to not paying the ransom, with more than one-quarter losing files because they did not pay. This should not come as a surprise – there is rarely a way to decrypt files without the key from the ransomware author. 32% of UK companies lost files after refusing to pay.
34% lost money
The report found that the impact of ransomware attacks was significant among companies that were infected – which points to high value data being compromised. Globally, 34% of ransomware attacks caused companies to lose revenue due to the inability to access encrypted files.
9 hours spent on remediation
The report found that more than 60% of those surveyed took more than 9 hours to remediate the impact of an attack.
60% demand over $1,000
Nearly 60% of all ransomware attacks in the enterprise demanded over $1,000. Over 20% of attacks asked for more than $10,000, and 1% even asked for over $150,000.
3.5% fear loss of life
An amazing stat to come out of the Malwarebytes report was that 3.5% of companies said lives were at stake because of ransomware’s debilitating effects.
63% experienced severe downtime
Ransomware disrupts – that’s a fact. 63% of those surveyed spent more than an entire business day trying to fix endpoints.
4% confident in dealing with ransomware
This is one of the more worrying stats, made all the more worrying by the preceding figures in this article. Just 4% of organisations are ‘very confident’ in their ability to stop ransomware. 78% said they were somewhat or fairly confident, despite the fact that 80% of companies have been the victim of a cyber attack in the last 12 months. One in five were either not confident at all or only minimally confident in their ability to deal with ransomware.
“The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes. “Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology. We are thrilled to be able to give companies a solution that can thoroughly protect them against ransomware threats.”