In the last year, more than one third of organizations worldwide have suffered a ransomware attack, according to a new ransomware report from International Data Corporation (IDC).
Many of those surveyed said they had suffered from multiple ransomware events.
U.S. companies tended to fair better than their worldwide counterparts, with a 7% attack rate, compared to 37%. The industries targeted the most were financial services and manufacturing. Transportation, telecommunications and utilities/media industries reported the lowest incidents of ransomware attacks.
Most who were successfully attacked paid the perpetrator, with only 13% reporting they didn’t pay the ransom. The average payment was nearly $250,000, but some paid more than $1 million.
Among actions companies have taken to protect themselves:
- Reviewing and certifying security and data protection/recovery practices with partners and suppliers
- Periodically stress-testing cyber response procedures
- Increased sharing of threat intelligence with other organizations and/or government agencies.
“Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on main street,” said Frank Dickson, program vice president, IDC cybersecurity products, in a prepared statement. “As the greed of cybermiscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion.”