Ransomware crooks blitzed midmarket organizations the hardest last year, with nearly one in three companies mostly in the manufacturing, technology and consumer-centric industries victimized by cyber extortion, a new report said.
Ransom demands in currency ran from $500 up to $1 million and in crypto-currency from one to three bitcoins, or about $600 to $11,000, according to KnowBe4’s 2018 Threat Impact and Endpoint Protection Report, a survey of 500 companies worldwide that dug into ransomware’s impact on an organization. Most organizations refused to comply with the demands, the report said.
Here are some more findings from the study:
- Payments: The more critical the hijacked data is to an organization, the higher the likelihood it will pay the ransom, the report said. Encryption mostly impacts common file types such as Microsoft Office that may include proprietary data.
- Downtime: Digital kidnappings caused the most downtime hours in midmarket and enterprise organizations. On average, 16 workstations, five servers and 22 users within an organization are affected in any given attack with a mean downtime of 14 hours.
- Backups: One beacon of light among the cyber crime is companies are realizing the value in maintaining backup copies of their data, with 61 percent recovering server data from backups and 35 percent recovering workstation data from backups.
In general, cyber crooks have adopted a “shotgun” approach, KnowBe4 said, targeting any business for whatever ransom it can squeeze out of the company. Attacks are widespread and opportunistic, delivering both ransomware and external malware payloads, the data showed. Despite a plethora of readily available security defenses, nearly twice as many (25 percent) of the study’s participants fell victim to an external malware attack as became a ransomware hostage (13 percent).
As for external malware attacks:
- Targets, frequency: On average 24 percent of all organizations in the study experienced an incident in the last 12 months, with consumer-focused businesses, non-profits, technology and professional services getting hit the hardest. Of those targeted in 2017, 28 percent were also victimized in 2016.
- Impact: The number of systems impacted during an external attack was more than a single endpoint, with the average malware-based external attack affecting five workstations and one server.
- Records: Midmarket and enterprise organizations had up to 100,000 records breached. The average number of records breached was more than than 15,000.
“While ransomware attacks are becoming more and more sophisticated, they are preventable,” said Stu Sjouwerman, KnowBe4’s CEO. “As these threats continue to grow, it’s imperative that organizations mobilize their last line of defense – their employees – to help protect against this threat.”
With that said, KnowBe4, which specializes in security and training awareness for corporate employees, spotted some positive trend lines from the data toward limiting exposure to ransomware and external malware:
- Security software: 89 percent of the survey’s respondents have installed security software, up from 76 percent in 2016.
- Training: 36 percent enacted break room style training, up from 28 percent in 2016.
- Videos, emails: 52 percent implemented monthly training videos and emails, up from 26 percent in 2016.
- Phishing tests: 57 percent conducted regular phishing tests, up from 36 percent in 2016.
- Training/testing: 54 percent made security assessments, up from 34 percent in 2016.
