More Than Half of Organizations Victimized by Ransomware in 2016

Trend Micro, a global provider of cyber security solutions, has announced results from their “Ransomware Response Study” of more than 225 U.S. organizations, which was conducted in partnership with Information Security Media Group (ISMG), a global security media organization. The survey assessed businesses’ preparedness for ransomware attacks, as well as how organizations have responded to such attacks over the past year.

More than half of respondents (53 percent) say they have been victims of an attack in the past year, and 42 percent are unaware of how frequently they are attacked. However, nearly three out of five (59 percent) security leaders believe their current ransomware defenses are above average or superior. These results show an apparent disconnect between the perception of organizational security defenses and the number of effective ransomware attacks.

trend micro cloud security“This survey reinforces the need for security leaders to understand their company’s defenses, and make calculated improvements to prevent and detect ransomware attacks in 2017,” said Ed Cabrera, chief cybersecurity officer for Trend Micro. “Security leaders often rely on backups and traditional defenses to protect against ransomware. Cybercriminals know this and understand that some regular security measures, like patching, vary greatly in frequency, and they will target these weaknesses quickly using exploit kits to deliver ransomware before a company can address the issue.” 

“This survey reinforces the need for security leaders to understand their company’s defenses, and make calculated improvements to prevent and detect ransomware attacks in 2017,” said Ed Cabrera, chief cybersecurity officer for Trend Micro. “Security leaders often rely on backups and traditional defenses to protect against ransomware. Cybercriminals know this and understand that some regular security measures, like patching, vary greatly in frequency, and they will target these weaknesses quickly using exploit kits to deliver ransomware before a company can address the issue.”

Ransomeware Families

Trend Micro has observed an average of 10 new ransomware families per month, and the survey confirmed this startling growth with nearly one in five (19 percent) organizations reporting they are each hit by ransomware more than 50 times per month. A majority of respondents (60 percent) pinpoint susceptibility of employees as the primary entry method allowing attacks to penetrate an organization, while 65 percent of ransomware stems from compromised websites, likely clicked on from an email by an unsuspecting employee.

“Ransomware became one the highest profile challenges facing cybersecurity professionals in 2016,” said Tom Field, vice president of editorial at ISMG. “Based on our research, we feel that nothing indicates a slowing down of this problem, in fact, we may have only scratched the surface. With organizations reporting that their own employees are their greatest threat exposure, I expect a drastic increase in training, awareness and vigilance across all organizations in 2017.”

Business disruption was reported as the greatest consequence from ransomware attacks (59 percent), followed by reputational damage (28 percent). IT leaders have largely resisted ransomware schemes, with nearly eight out of 10 respondents (77 percent) acknowledging they have never paid ransom as a result of an attack, while only two percent report they had paid.