Ransomware isn't just a topic for the headlines. It is a danger that needs to be taken seriously, and one that has caught the attention of cybersecurity leaders around the world: in a joint study by ForeNova and Cybersecurity Insiders, 32% of study participants answered yes when asked whether they had been attacked by cybercriminals with ransomware. On the positive side, only six percent of affected companies paid the ransom to save their data. Worryingly, only 15% of all respondents were able to rule out ransomware attacks. Another 17% did not know whether they had previously been the target of ransomware attacks. Alarmingly, only 37% of respondents are extremely or very confident that they can defend themselves against ransomware. However, one can only warn against such a mistake.
These are the key findings of a cross-industry study commissioned by IT security vendor ForeNova and conducted by the online community Cybersecurity Insiders in Fall 2022. 236 companies of various sizes from various industries in the United States and Canada were surveyed.
The study provides the following key findings, as well as other data on the frequency of and defense against extortion attacks:
- The potential danger of ransomware is undisputed
53% of respondents see ransomware as the biggest IT security challenge, followed by the risks posed by remote workers (47%). IT security managers are therefore much more afraid of the ransom note than, for example, of limited visibility into IT (41%) or the threat to hybrid cloud environments (40%). More than half (52%) see it as an extreme threat to the company's business, 36% as a moderate threat, only 10% as a minor threat and 2% as no threat. 71% assume the danger will increase. 48% believe an attack is very likely or likely in the next 12 months. Apparently, potential victims are aware of the expertise of cybercriminals in extortion attacks. The unavailability of data and systems is also the biggest threat to the continued existence of the business.
Figure 1: Top IT Security Challenges (Source: ForeNova)
- Obvious effects of ransomware
Respect for ransomware is also based on the consequences of the attacks that have occurred. 51% of the attacked companies experienced productivity losses, and 41% could no longer access their systems due to downtime. Nearly one in four businesses experienced a loss of sales, and just as many victims lost their data (24% each), which can threaten a company's existence. Every second company attacked increased its IT security spending. However, they are apparently aware that they cannot rule out another attack: 43% of respondents are increasingly focusing their IT security strategy on mitigating the consequences of an attack.
Figure 2: Impact of ransomware attacks over the past 12 months (Source: ForeNova)
- Ransomware attacks are becoming more versatile and mobile
Data encryption remains the primary goal of attackers. In 81% of the attacks that took place, hackers used tools to encrypt files so that users couldn't access them. But 18% of distributed malware went further and encrypted the Master Boot Record (MBR) or New Technology File System (NTFS). If these core structures for booting or for addressing storage space on a data medium are encrypted, users can no longer boot an operating system or find files. The system fails completely. The share of so-called leakware or extortion was also 18%. In these cases, attackers exfiltrate the data and then threaten to publish it. In 12% of cases, the malware only blocked access to data or files without encrypting them. For 9%, mobile devices were the entry point for ransomware. Mobile phones were infected via drive-by downloads or fake apps.
Figure 3: Different types of ransomware (Source: ForeNova, Cybersecurity Insiders)
- Hackers attack users, less so systems
The main route of infection is still the phishing email (58% of cases), followed by email attachments (52%). These methods are probably the most popular among cybercriminals due to their effectiveness and potential simplicity. More complex methods are still in the minority: 34% of attackers used compromised websites. One in four attackers (26%) targeted vulnerable systems. Only 17% specifically scanned for exploits.
Figure 4: Pathways to Ransomware Infection (Source: ForeNova, Cybersecurity Insiders)
Not surprisingly, companies rely on a comprehensive response to extortion attacks. 75% of study participants would isolate affected systems and user accounts, restore encrypted data from backups, and shut down the original attack vector if possible. 55% shut down their core systems as a precaution to prevent malware from spreading further. However, 39% obviously feel overwhelmed and plan to consult an external defense service. 31% actually try to decrypt the data themselves.
Interesting: only one in four companies informs its customers. Most refuse to try to negotiate the ransom. Only 9% make such an attempt. And only 5% would pay the ransom.
However, many decision makers are already planning for the case that data cannot be restored. 38% contact their cyber insurance company. 36% contact law enforcement immediately.
Figure 5: Ransomware Defenses in Enterprises (Source: ForeNova, Cybersecurity Insiders)
Quote from Thomas Krause, ForeNova DACH Regional Director: 'The fact that cybercriminals are increasingly using extortion malware to attack companies of all sizes and in different branches of industry cannot be denied. The results of the study conducted by Cybersecurity Insiders show not only the perceived threat, but also the actual risk situation and the company's defense mechanisms. We believe that these results can also be transferred to Europe. However, it is difficult to draw a complete picture. Ransomware attacks come in two forms: opportunistic attacks using simple tools and targeted advanced persistent threats. Only a comprehensive security strategy, consisting of endpoint detection and response, network detection and response, and the help of managed detection and response experts, can help against these dangers.'
Quote from Holger Schulze, founder and CEO of Cybersecurity Insiders: 'Our study shows the actual impact and different ways companies react to ransomware as well as the state of many companies' cyber defenses. Ransomware attacks are on the rise and causing chaos with their destructive malware. Threats affect organizations of all sizes, from SMBs to large enterprises and government agencies. Security gaps are exploited, and end devices and networks are infected via phishing attacks or malicious websites.'
About the study:
For the study, Cybersecurity Insiders surveyed 236 cybersecurity professionals in the United States and Canada in the fall of 2022. Respondents included directors, managers, security specialists and consultants, executives and directors, as well as founders, executives and presidents of companies. 43% of respondents were from IT security, 28% from general IT. The field of study participants covers different company sizes, from the smallest companies to large companies with more than 50,000 employees.