Greater than three-in-ten ransomware victims are being hit a number of occasions, due to ineffective defenses and security fragmentation.
Based on Barracuda Networks’ Ransomware Insights Report, 57% of organizations fell sufferer to a profitable ransomware assault within the final 12 months, with 31% of victims affected greater than as soon as.
A ransom was paid in 32% of circumstances, rising to 37% amongst organizations affected twice or extra. Greater than two-in-ten mentioned they’d skilled strain to make funds by threats to companions, shareholders, and prospects, and 16% reported threats to workers.
Nonetheless, 41% of those that paid a ransom didn’t recuperate all their knowledge, the examine famous. Decryption instruments supplied by the attackers don’t at all times work, or solely a partial key could also be supplied.
In the meantime, recordsdata might be broken throughout the encryption and decryption processes – or, typically, the ransom is paid however decryption instruments aren’t provided.
Many ransomware victims lack fundamental security, with solely 47% utilizing an e mail security answer, for instance, in contrast with 59% of non-victims. Greater than seven-in-ten organizations that suffered an e mail breach had been additionally hit with ransomware.
“The findings make it clear that ransomware is an escalating risk, and fragmented security defenses depart organizations immensely weak,” mentioned Neal Bradbury, chief product officer at Barracuda.
“Too many victims are juggling an unmanageable variety of disconnected instruments, usually launched with the very best intentions to strengthen safety. Instruments that may’t work collectively, or which aren’t configured accurately, create security gaps and result in breaches.”
Slightly below 1 / 4 of the ransomware incidents reported concerned knowledge encryption, whereas 27% noticed the attackers stealing and publishing knowledge. Hackers contaminated gadgets with different malicious payloads in 29% of circumstances, and put in backdoors for persistence in 21%.
Ransomware assaults are getting worse
The affect of a profitable ransomware assault can be rising. Round four-in-ten victims mentioned they’d suffered from reputational hurt, with 1 / 4 reporting tangible enterprise affect and an identical quantity saying they’d misplaced new enterprise alternatives.
Equally, round 1 / 4 of the ransomware incidents reported concerned the encryption of information, locking endpoints and knowledge theft.
Attacks additionally featured lateral motion throughout the community, the an infection of a number of endpoints, the set up of extra malicious payloads, privilege elevation, and embedding backdoors and different persistence mechanisms.
To make it more durable for victims to revive their knowledge with out paying, round one in 5 attackers accessed and wiped backups and deleted shadow copies of recordsdata.
“In lots of circumstances attackers can transfer by victims’ networks, having access to gadgets, knowledge and extra with out being detected and blocked,” mentioned Bradbury.
This text initially appeared on ITPro.
