Despite most security professionals advocating against making ransomware payments, a study by Mimecast titled “The State of Ransomware Readiness” found that the United States has the highest average ransomware payment in the world, at more than $6 million per victim. This number is shockingly high, as is the number of people who are still paying the ransom.
The study examined 742 cybersecurity professionals and found that 80 percent of them had been victims of ransomware attacks over the past two years. Of that number, 39 percent paid the ransom, with the average U.S. victim paying $6,312,190. To provide some context, here are the numbers for other parts of the world:
Other notable statistics include the fact that 40 percent did not pay the ransom at all, and some lowered their payment through negotiation. The survey cites phishing attacks and web-based threats as the primary ways these ransomware attacks spread. Victims believe that better network security at their data centers would have prevented these attacks.
Of course, the best approach to ransomware involves having a data backup system, but the survey indicated that fewer than half of those surveyed had data backup systems in place. Still, 83 percent of respondents claim that they were able to get their data back without paying the ransom, and 77 percent believe that they could get their operations back to normal within two days following such an attack.
How would your company respond were it to become the victim of a ransomware attack? We want you to think about this and approach it carefully. You might not even be infected by ransomware in the first place, so why jump to conclusions and pay up? Also, what guarantees do you have that your data will be safe and decrypted when you do choose to pay up? Furthermore, how many businesses will suffer the same fate if you give hackers the funds they need to continue carrying out these attacks?
We understand that’s a lot of ifs and not a lot of recommendations, but here’s one that you should absolutely do: call your trusted IT resource to assist with making the decision. After you know how bad the attack is, you can make a better decision about how you want to move forward. You should also implement stronger security measures and solutions designed to keep ransomware at bay, like multi-factor authentication, user permissions, access controls, and unified threat management.
Ransomware can cripple a business beyond repair, so don’t wait to protect your business from it until it’s too late. To learn more about how we can help, reach out to us at (403) 210-2927.