August 4, 2016 by Canadian Underwriter
Companies in Canada are most likely to pay ransomware demands and are ranked among the highest for lost revenue and business interruption, according to an international study of 5,400 IT staff across Canada, the United States, the United Kingdom and Germany.
The multi-country State of Ransomware report, released on Wednesday, was sponsored by advanced malware prevention and remediation company Malwarebytes and conducted by Osterman Research to explore topics such as ransomware attack frequency, how it works in an enterprise environment, ransom cost, infiltration points, impact and preparedness. The report, “with an emphasis on the results from Canadian organizations,” involved a survey of 540 chief information officers, chief information security officers and IT directors from companies with an average of 5,400 staff across the four countries. In Canada, 125 surveys were completed and the “financial services/banking/insurance” industry represented 11% of industries surveyed.
Survey findings specific to Canadian organizations show that companies in Canada are most likely to pay ransom demands (75%) compared to their counterparts in Germany, the U.S. and the U.K. More than eight in 10 (82% of) Canadian organizations also lost files if they didn’t pay, Santa Clara, Calif.-based Malwarebytes added in a press release.
“Interestingly and somewhat ironically, Canadian organizations were the most likely to pay ransomware demands AND the most likely to lose files if they chose not to pay,” the report said. “The fact that files were lost after a decision not to pay a cyber criminal’s ransom demands is not surprising, but the relative proportion in Canada that lost files is a bit perplexing.”
In addition, 43% of surveyed organizations expressed losing revenue and 25% revealed a stop in business due to ransomware. “Eleven per cent claimed that lives were at risk from ransomware, the highest percentage among the regions surveyed,” the release said.
Among the Canadian survey findings:
“The impact of ransomware on Canadian organizations is significant relative to the other nations surveyed in a couple of ways,” the report said. “First, ransomware victims in Canada were much less able to contain the spread of the infection to fewer than one per cent of the endpoints when compared to organizations in the United States. Second, Canada is the only other nation surveyed beside the United Kingdom in which some ransomware infections spread to the entire corporate network.”
“The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes, in the release. “Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology.”
Nathan Scott, senior security researcher at Malwarebytes, added that over the last four years, ransomware has evolved into one of the biggest cyber security threats, with instances in exploit kits increasing 259% in the last five months alone.
Among the report’s international findings: