Getting to know ransomware statistics is imperative if you’re to protect your business from this ever-present threat. If there’s one thing that ICT managers and cybersecurity teams can agree on, it’s the importance of identifying new threats and implementing countermeasures. Unless you familiarize yourself with key ransomware stats, how can you protect your interests from the latest ransomware attacks?
As much as it can feel like it’s all you can do to keep your head above water sometimes, a good knowledge of ransomware stats is essential for a proactive approach to cybersecurity.
As we edge closer to the end of the year, it’s important to take stock of the ransomware statistics of 2019 if we’re to be prepared for the threats 2020 will bring. With that in mind, let’s familiarize ourselves with some scary (but important) ransomware facts and stats.
Only have a moment to spare? These terrifying but fascinating facts paint a picture of the state of current ransomware attacks:
Sobering stuff to be sure! Let’s dive deeper into some key ransomware stats of 2019 and the past few years to better understand the scope of the issue and prepare ourselves to face tomorrow’s threats.
Make no mistake; ransomware is more than just an ever-present threat. It’s an ever-evolving threat that continues to impact businesses of all shapes and sizes at an increasingly alarming rate.
Looking at ransomware attacks that have occurred recently, it becomes clear that even if your business has yet to experience a ransomware attack, you may be on borrowed time. Take a look at these statistics on the disturbing rate of global ransomware attacks.
It’s easy to assume that it’ll never happen to you. But this sobering statistic highlights the uncomfortable truth that new businesses are affected by ransomware attacks every day. Within just over a year, it’s expected that a new business will be affected by a ransomware attack nearly every 10 seconds.
Businesses can no longer afford to assume that they will never be among the afflicted.
Phishing emails are among the most common methods by which ransomware is introduced into business systems. And with this common threat increasing by over 100% in the past two years, it’s essential to implement staff training to ensure that your team knows a phishing email when they see it.
A phishing site (also referred to as a “spoof site”) looks virtually identical to a legitimate website and is used to capture data that could allow cybercriminals to access important data. As with phishing emails, it’s essential that staff are given sufficient training to help them identify phishing sites, especially if they are masquerading as intranet pages or browser-based applications that employees use as part of their work.
That’s a scary increase! The unfortunate truth is that as long as cybercriminals find ransomware attacks profitable, businesses can expect them to become increasingly inventive and commonplace, which is why it’s so imperative that businesses prepare themselves.
When calculating the cost of ransomware, it’s vital that we remember the operational cost of running a business without access to its data. In the case of almost 35% of ransomware victims, it took a week or longer to regain their data, causing them to operate in a diminished capacity or even close their doors.
A ransomware attack is an expensive proposition. Aside from the operational costs of having to operate without data, software, or hardware, there’s also the prospect of the payout itself. Without the right cybersecurity redundancies like Malwarebytes or McAfee Ransomware, not to mention robust cyber insurance, losses incurred could be crippling to your SMB.
The average ransomware demand for this year is almost three times the average for 2018. This means that businesses must be prepared for the average demand to rise exponentially again in 2020.
The sad truth is that even with robust insurance, it can be difficult to return to business as usual after an attack because the effects of ransomware can be far-reaching. According to Kaspersky, 17% of businesses never got their data back even after paying the ransom.
Even when incorporating proper redundancies and insurance, it can be extremely difficult to fully recover financially from a ransomware attack. Over 66% of businesses never truly recover the cost of an attack, which is why it’s so important to invest in the right antivirus protection and form a proactive cybersecurity strategy.
While ransomware remains a global threat, US-based organizations are among the most commonly affected. In fact, almost half of all US businesses have been affected in one way or another by ransomware.
Again, if your business has not yet been one of them, you may be on borrowed time.
Interestingly, only 3% of American companies actually pay the ransom. In many cases, this has actually been against express FBI ransomware advice. In some cases, this is the result of a lack of backup data. Germany has paid 22% of ransoms, the UK paid 42%, and Canada has paid more than three-quarters of all ransoms (77%).
Even though the average ransomware demand rarely exceeds $50,000, the costs associated often far eclipse the ransom itself. Between downtime and other associated costs, businesses can expect to lose an average of $64,000.
Broadly speaking, there are two main ransomware types: the kind that blocks access to your files or data via encryption, and the kind that blocks access to computers and devices altogether. But one thing’s for sure: the variants of ransomware are evolving at an alarming pace.
One of the biggest challenges when developing a comprehensive approach to ransomware is the fact that the number of new families and new variants keeps growing, increasing almost by half as we enter the 2020s. Some of the most commonly used among cybercriminals include GandCrab, SamSam, Locky, and CryptXXX.
The WannaCry statistics make for some sobering reading. A new variant of this malicious software was used recently to disrupt operations at Taiwan Semiconductor Manufacturing Company. To date, WannaCry has infected hundreds of thousands of machines and generated tens of thousands in Bitcoin for its authors. Even two years after its debut, it remains one of the most popular and feared ransomware programs.
It comes as no surprise that hospital ransomware is still big business, accounting for almost half of all ransomware attacks reported last year.
One of the biggest payouts this year following ransomware attacks in the USA was paid by Jackson County, GA. This latest attack locked the sheriff’s office and a number of other local agencies out of their computer systems. Upon payment of the ransom, all parties thankfully regained access to their data. Nonetheless, this shocking ransomware stat shows that municipalities remain profitable targets.
The healthcare industry is one of the biggest known ransomware targets, and it’s easy to see why. Healthcare institutions rely heavily on their computers and digital equipment to save lives and are responsible for huge volumes of patient data.
As more and more cybercriminals target the healthcare industry with ransomware attacks, this has given rise to the belief among the cybercriminal fraternity that these institutions are more likely to pay out. Whether or not that’s true, healthcare is expected to be bombarded by ransomware attacks well into the next decade.
One of the scariest things about reporting ransomware statistics is the knowledge that there are so many attacks that go unreported. In fact, over three-quarters of SMBs don’t even report attacks. And when this happens, the wider business community can’t learn from the mistakes and vulnerabilities of others.
According to Datto’s Global State of the Channel Ransomware Report, during the first half of 2018, iOS and Mac devices saw an insane increase in ransomware attacks. As you can see, not even Apple devices are safe.
Only 20% of mobile malware attacks were delivered through a mobile browser. That said, when it comes to ransomware on iOS and Android devices, mobile apps are the key point of vulnerability. This is why it’s more important than ever that businesses hold their employees to account when it comes to downloading apps onto company devices.
As more and more businesses rely on mobile devices, they no longer need to just protect themselves from ransomware on Mac and PC. In an age where employees bring their mobile devices onto the premises (whether they’re allowed to or not), the need not only for proper cybersecurity software but also for established BYOD policies and procedures becomes ever clearer.
While time will tell us the total number of ransomware attacks in 2019, it’s fair to say that this year has seen a marked increase on last year. Industries, businesses, and municipalities that have yet to truly grasp the extent of their vulnerability have found themselves victims. What’s more, even organizations with up-to-date endpoint protection and robust ransomware antivirus software have found themselves exploited.
These ransomware stats provide a clear roadmap for what organizations need to look out for in the coming year and decade. As the business world becomes more reliant on mobile devices, 5G, and the Internet of Things, these exciting developments lead to challenges as well as opportunities.
Use these ransomware statistics to formulate and refine your ongoing cybersecurity strategy. Learn from the vulnerabilities in your industry and ensure that you are protected by security software and insurance as well as procedures, policies, and measures for employee accountability.
Don’t let your organization become just another one of next year’s ransomware stats!