50% of U.S. Companies Have Experienced a Ransomware Attack in the Past 12 Months

A recent survey conducted by Vanson Bourne on behalf of endpoint protection software vendor SentinelOne has cast light on the extent to which ransomware is being used to attack organizations around the globe.

500 cybersecurity decision makers were asked questions about recent ransomware attacks experienced by their organization. 48% of respondents said they had experienced at least one ransomware attack in the past 12 months, and those organizations were attacked an average of six times in the past year. 50% of respondents in the United States said they had experienced a ransomware attack in the past 12 months.

Not all attacks resulted in files being encrypted. 27% of respondents said ransomware was installed, but the attackers were not able to encrypt any data. 25% said some files were encrypted but it was possible to recover the files from backups. 45% said files were encrypted but it was possible for the company to decrypt the files. Only 3% of organizations said attacks resulted in file encryption that their organization was unable to decrypt.

Ransom payments were not always made, although the overwhelming majority of respondents – 94% – said the attacks had an impact on their organizations. U.S. companies that were able to recover encrypted files from backups spent an average of 38 man-hours on the task. 67% said ransomware attacks prompted their organization to increase spending on IT security, while 52% said the attacks had resulted in a change in IT security strategies to focus on mitigation. After being attacked, 45% of respondents said they had lost confidence in their cybersecurity defenses.

A majority of ransomware victims said they were able to identify the attacker. 47% said the attacker was based in Eastern Europe while 45% said attack came from within their own country.

48% said an attack had been conducted by organized cyber criminals and 46% said an attack was performed by an opportunistic hacker. Attacks were also performed by disgruntled employees, dissatisfied customers, rival organizations, protesters, and hacktivists.

While the FBI has urged all organizations to notify law enforcement of a ransomware attack, only 54% of ransomware victims said law enforcement was notified. 61% said they notified the board or CEO, half of respondents said they informed their lawyers, while only 38% would or did alert customers.

81% of respondents said the attacker had installed the ransomware via phishing emails or social media websites. 50% said an attack had occurred via a drive-by download from a compromised website, while 40% said an infection had occurred via a computer that was part of a botnet.

71% of respondents said they needed a new solution to deal with the ransomware threat, while 65% said traditional cybersecurity defenses were ineffective against ransomware and the latest forms of malware. 44% said antivirus software is now dead and is not offering protection against the latest threats, although 85% of respondents said they still installed antivirus software on static endpoints. In many cases, as a checkbox option to satisfy industry regulations.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.