Enterprises face serious ransomware epidemic

ransomware cash

A new global ransomware study of nearly 1,000 organizations in a variety of industries finds most firms are facing a never-ending series of breaches, a serious epidemic that leaves them continuously in the crosshairs of ransomware gangs.

The study from Semperis also shows that 39 percent of attacked companies in the US, UK, France and Germany paid a ransom four times or more in the past 12 months.

More than 80 percent of ransomware attacks eventually compromised an organization's identity system, such as Microsoft Active Directory (AD) or Entra ID, yet only 27 percent of companies don’t have dedicated AD or Entra ID recovery plan in place.

"For management and the Board to make an educated decision not to pay ransom, they need to know how long recovery will take and have confidence in the process. That means you must test your plan in as close to a real-world scenario as possible and present it to the Board before an attack occurs. That way, when disaster strikes, decision makers will have been confident in their ability to say 'no' to attackers," says Mickey Bresman, CEO of Semperis.

The report shows that 87 percent of attacks caused business disruption -- even for those that paid ransom -- including data loss and the need to take systems offline. For 16 percent of respondents, the attack created a life-or-death dilemma.

Paying ransom doesn't guarantee a return to normal business operations either, 35 percent of victims who paid a ransom either did not receive decryption keys or received corrupted keys. Recovery times are poor too, 49 percent of respondents needed between one and seven days to recover business operations to minimal IT functionality after a ransomware attack, and 12 percent needed seven days or more.

"Considering that there is a 24/7 threat arrayed against today's organizations, you can never say 'I am safe' or take a moment off. The best you can do is to make your environment defensible and then defend it," says Chris Inglis, Semperis strategic advisor and first US National Cybersecurity Director.

You can get the full report from the Semperis site.

Image credit: Bacho/Shutterstock

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.