A recent ransomware survey has unveiled fresh insights into the experiences of medium-sized companies across the world. It looks at the prevalence of attacks, the impact on organisations, and year-on-year trends. The survey was conducted in January and February 2021 among 5,400 IT decision-makers across 30 countries.
- 37% of organisations were victims of a ransomware attack in the last year.
- 54% of those attacked by ransomware in the last year said the cybercriminals succeeded in encrypting their data in their most significant attack.
- 96% of those whose data was encrypted got their data back in the most significant attack.
- The average ransom paid by mid-sized organisations was US$1.85 million.
- Extortion-style attacks, where data was not encrypted, have more than doubled since last year, up from 3% to 7%.
- Trained IT staff who can prevent attacks were the most common reason companies gave for being confident in their processes.
Of the 5,400 surveyed, 37% were hit by ransomware last year, where "hit" is defined as multiple computers being impacted by a ransomware attack, though not necessarily encrypted. Although still a high number, this was a significant reduction from the 51% hit the previous year.
Many attackers are known to have moved from large-scale, generic, automated attacks to more targeted attacks involving human-operated, hands-on-keyboard hacking, where the damage is more costly.
Of the companies surveyed, retail and education experienced the highest level of attacks, with 44% suffering one. Although healthcare incidents are widely reported, only 34% of healthcare organisations reported an attack.
The survey also highlighted that more victims are paying the ransom. We will cover what happens when you pay the cybercriminals in a separate blog post.
Trained IT staff were the main source of confidence about ransomware, and organisations that had not been attacked said they also do not expect an attack in the future. Other companies reported that working with cybersecurity companies was helping them avoid an attack. There is also some misunderstanding: some companies said they do not expect an attack because they have backups or insurance to protect them, yet backups and insurance reduce the impact of an attack rather than prevent one. Sadly, no organisation is safe.
What are the best practices to follow?
- Assume an attack will happen; being prepared is better than being caught out.
- Keep secure backups, as restoring from backup is the first method organisations use to get their data back.
- Deploy layered protection so that attackers can be stopped at as many points as possible.
- Train your IT staff, or, if you do not have the expertise in-house, outsource to a trusted IT managed services provider.
- Do not pay the ransom, although this is easier said than done when the organisation has ground to a halt.
- Have a malware recovery plan; it is the best way to stop a cyberattack from turning into a breach.