Canadian companies likely to pay ransomware demands, among highest for lost revenue and business interruption, international study finds

Companies in Canada are most likely to pay ransomware demands and are ranked among the highest for lost revenue and business interruption, according to an international study of 5,400 IT staff across Canada, the United States, the United Kingdom and Germany.

The multi-country State of Ransomware report, released on Wednesday, was sponsored by advanced malware prevention and remediation company Malwarebytes and conducted by Osterman Research to explore topics such as ransomware attack frequency, how it works in an enterprise environment, ransom cost, infiltration points, impact and preparedness. The report, “with an emphasis on the results from Canadian organizations,” involved a survey of 540 chief information officers, chief information security officers and IT directors from companies with an average of 5,400 staff across the four countries. In Canada, 125 surveys were completed and the “financial services/banking/insurance” industry represented 11% of industries surveyed.

Survey findings specific to Canadian organizations show that companies in Canada are most likely to pay ransom demands (75%) compared to their counterparts in Germany, the U.S. and the U.K. More than eight in 10 (82% of) Canadian organizations also lost files if they didn’t pay, Santa Clara, Calif.-based Malwarebytes added in a press release.

“Interestingly and somewhat ironically, Canadian organizations were the most likely to pay ransomware demands AND the most likely to lose files if they chose not to pay,” the report said. “The fact that files were lost after a decision not to pay a cyber criminal’s ransom demands is not surprising, but the relative proportion in Canada that lost files is a bit perplexing.”

In addition, 43% of surveyed organizations expressed losing revenue and 25% revealed a stop in business due to ransomware. “Eleven per cent claimed that lives were at risk from ransomware, the highest percentage among the regions surveyed,” the release said.

Among the Canadian survey findings:

• Security attacks with ransomware are increasing – 72% of Canadian companies suffered a security attack in the last 12 months, with more than a third (35%) being hit with ransomware. (U.S. organizations are the most attacked among the organizations surveyed with 80% suffering a cyberattack in the last year and more than half experienced a ransomware incident);
• Ransomware moves well beyond the initial compromised endpoint – Among the regions surveyed, Canada ranked highest for ransomware penetration with 42% of attacks affecting 26% or more of the corporate network;
• Upper management and C-Level executives are at higher risk – Canadian survey results show that 22% of attacks impacted mid-level managers or higher, with 8% of incidents attacking senior executives and the C-Suite;
• Highest cost of ransom – The cost of ransomware attacks in Canada is much higher than in the U.S., with “the most common amounts demanded by ransomware perpetrators” no more than $6,500. “Those who faced demands of ‘only’ CDN$650 or less constituted around nine per cent of organizations surveyed, while 30% of organizations have seen demands upwards of CDN$13,000.”
• Business applications are the top vector for spreading ransomware – Business applications are a more common entry point for ransomware (18%) in Canadian organizations than they are in the other nations surveyed. While more than half of the U.S. attacks originated with email, email links are a much less likely source of ransomware entry than in other nations, “possibly because of Canada’s very strict anti-spam laws”;
• False sense of security – With an increase in ransomware-based attacks, the highest penetration rate and business disruption, Canadians have a false sense of security with 51% “fairly confident” in their ability to stop ransomware;
• Ransomware attacks target healthcare and financial services – Healthcare and financial services were the leading industries attacked with ransomware globally, both of which were targeted well above the average ransomware penetration rate of 39%.

“The impact of ransomware on Canadian organizations is significant relative to the other nations surveyed in a couple of ways,” the report said. “First, ransomware victims in Canada were much less able to contain the spread of the infection to fewer than one per cent of the endpoints when compared to organizations in the United States. Second, Canada is the only other nation surveyed beside the United Kingdom in which some ransomware infections spread to the entire corporate network.”

“The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes, in the release. “Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology.”

Nathan Scott, senior security researcher at Malwarebytes, added that over the last four years, ransomware has evolved into one of the biggest cyber security threats, with instances in exploit kits increasing 259% in the last five months alone.

Among the report’s international findings:

• Nearly half of attacks (46%) originated from email;
• Nearly 60% of all ransomware attacks in the enterprise demanded over $1,000. Over 20% of attacks asked for more than $10,000 and 1% even asked for over $150,000;
• Globally, more than 40% of victims paid the ransom demands;
• More than 60% of attacks took more than 9 hours to remediate;
• 63% spent more than an entire business day trying to fix endpoints;
• The most popular way of addressing the problem is not through protection, but by backing up data (over 71%); and
• “Amazingly, 3.5% even said lives were at stake because of ransomware’s debilitating effects.”