The cost of being ill-prepared for ransomware attacks continues to grow for businesses.
Ransomware, a scheme in which cybercriminals hold access to an organization’s digital information hostage until a ransom is paid, is one of the most significant cybercrimes.
Ransomware attacks worldwide totaled in excess of $20 billion in 2022 – and that’s just from what was reported. Those totals are expected to skyrocket tenfold to $265 billion by 2031.
What’s more, though ransomware attacks decreased between 2021 and 2022, reported attacks were still more than double those of any of the previous four years.
Small to medium businesses (SMBs) are not immune to ransomware attacks. More than 80% of ransomware attacks hit SMBs. Nearly 75% of those victims don’t survive the attack.
But even more concerning – only 17% of U.S. SMBs have a cybersecurity plan. About one-third of SMBs haven’t changed their cybersecurity plan since the COVID-19 pandemic caused them to create or bolster remote and hybrid work opportunities.
Here are our top 12 ransomware attack questions for 2024 and their answers:
- How common is ransomware?
- How does ransomware spread?
- How much is a ransomware demand?
- What is the average cost of a ransomware attack?
- What industries are affected most by ransomware attacks?
- How often is a company infected with ransomware?
- How many ransomware attacks are successful?
- What are ransomware groups?
- What is ransomware as a service?
- What is ransomware double extortion?
- Will cyber insurance prevent my organization from being attacked?
- How can one prevent ransomware?
1. How Common is Ransomware?
Out of the 101 different countries, the United States was targeted the most with 42% of all ransomware attacks. The average time between ransomware attacks in the United States from 2021 to 2022 was 11 seconds.
The most common types of ransomware include:
- CryptoLocker
- WannaCry
- CryptoWall
- Locky
- Emotet
- Petya
2. How Does Ransomware Spread?
3. How Much Is a Ransomware Demand?
The average ransom demand was roughly $228,125 in Q1 2021. This figure may seem high for SMBs, but it accounts for businesses of all sizes. SMBs pay an average ransom of $5,900.
The highest ransom demand ever made was to Amey PLC for $2 billion. Of note, the amount of the ransom paid was never disclosed.
4. What Is the Average Recovery Cost of a Ransomware Attack?
Recovery costs of a ransomware attack vary based on the company’s size and the complexity of its IT infrastructure. Cybersecurity juggernaut Sophos estimates the recovery cost of a ransomware attack at 10 times the amount of the ransom payout. These estimates don’t include the ransom but account for:
- Downtime
- Lost opportunities
- Recovery expenses (e.g. forensic network analysis)
In its “The State of Ransomware 2023” report, Sophos attributed this decrease to two reasons:
- The rising prevalence of ransomware has made attacks less detrimental to an organization’s reputation
- Cyber insurance providers are growing in their ability to guide victims through the remediation process
5. What Industries Are Affected Most by Ransomware Attacks?
While no industry is immune from ransomware attacks, healthcare organizations were hit more than any other in 2022. High-profile attacks, like the Colonial Pipeline attack in May 2021, garner high payouts. The magnitude of the industrial goods and services sector’s effect on the economy makes ransom payments more likely.
Other industries topping the list include:
- Government organizations
- Critical manufacturing
- Construction
- Professional services
- Retail
- Financial services
- Information technology
6. How Often Are SMBs Infected With Ransomware?
Nearly 43% of cyberattacks are targeted towards SMBs with fewer than 100 employees. While large companies make headlines with big payouts, small businesses are easier targets with fewer cybersecurity defenses. Unfortunately, only 14% of SMBs have adequate cybersecurity defenses.
7. How Many Ransomware Attacks Are Successful?
This is a tough one to answer.
Why?
The ransomware attacks that you hear about are the ones that are reported.
Unfortunately, many ransomware attacks go unreported, and the reasons vary. Some companies are:
- Unaware they were a victim
- Embarrassed about being successfully attacked
- Keeping quiet because not reporting the attack is part of the ransom
- Looking to minimize fallout/panic
Organizations need to act fast when an attack occurs. Nearly all ransomware infections happen in under four hours, with some software working in as little as 45 minutes.
8. What Are Ransomware Groups?
Ransomware is quickly developing into a professional industry, with most attacks coming from malicious groups. These groups – or ransomware gangs – often operate like legitimate businesses, with several employee positions, such as coders, research and development, and human resources.
Some of the largest ransomware groups are:
9. What Is Ransomware as a Service?
Ransomware as a service (RaaS) is a subscription-based service that allows affiliates access to ready-made ransomware tools made by developers. A successful ransom payment is split between the developer and the affiliate. Some affiliates earn 75% to 90% depending on the size of the ransom.
RaaS has lowered the bar for entry, allowing even novice hackers to take on big targets. Even the price for service is low, with kits starting as low as $40 per month.
10. What is Ransomware Double Extortion?
Companies without a backup are at the mercy of hackers. They must meet the hackers’ demands if they want their data back. Companies with backups can get their data back without paying ransom demands. Hackers have wised up to this. Many ransomware attacks now include a double threat of encrypting the data and threatening to leak data to competitors or sell it on the black market if ransom demands aren’t met.
11. Will Cyber Insurance Prevent My Organization From Being Attacked?
Just like having health insurance won’t prevent you from getting sick, having cyber insurance won’t protect your organization from a ransomware attack.
An organization is responsible for creating and maintaining its own cybersecurity defenses. In fact, many insurance companies won’t issue a policy if an organization hasn’t implemented adequate cybersecurity measures. Cyber insurance providers often have exhaustive cybersecurity checklists that prospective policyholders must fill out.
Cyber insurance is immeasurably helpful in walking organizations through recovery from an attack. Like a homeowner’s policy covering damage to a house from an extreme weather event, cyber insurance can reduce the burden of the recovery expenses, which can total in the millions.
12. How Can One Prevent Ransomware?
Unfortunately, no one is immune to ransomware. However, there are steps companies can take to minimize their chances of getting hit with a successful ransomware attack. When it comes to how to prevent ransomware, these basic – yet effective – ransomware prevention best practices are worth their weight in gold:
- Employee cybersecurity education
- Current antivirus and endpoint protection
- Strong password management
- Offsite backups
- Multi-factor authentication
Bonus Question: Does BitLocker Prevent Ransomware?
BitLocker is a hard drive encryption feature that works with a computer’s operating system and addresses the threat of data exposure from lost, stolen or inappropriately decommissioned computers.
Can BitLocker prevent ransomware?
Kind of – it’s not protection from viruses or malware. What it can do is lower the severity of a ransomware attack and its impact on your operations. It also puts up barriers against those with less than good intentions.
Protect Your Organization From Becoming Another Ransomware Statistic
Protecting your organization from ransomware attacks isn’t easy. Omnis Technologies is available to help your business develop an attack-prevention strategy.
This article was originally published in July 2022 and was recently updated to reflect industry trends.