According to data acquired by the Atlas VPN team, 56% of organizations worldwide experienced at least one ransomware attack in the past 12 months, with an average ransom costing victims $1.1 million.
The numbers are based on the Global Security Attitude Survey conducted by CrowdStrike, where 2,200 senior IT decision-makers and security professionals were interviewed on questions concerning cybersecurity in their workplace in the last 12 months. The survey took place between August and September of 2020.
Ransomware is malicious software that infects victims’ systems, devices, or files and blocks access to them unless a ransom is paid. A total of six in ten organizations worldwide faced at least one such attack over the past year.
Out of all the countries featured in the survey, businesses in India had the most ransomware events in the last 12 months. A whopping 74% of respondents from India said their organizations had suffered from ransomware attacks in the past year.
In total, 38% of company representatives said their organization faced only one ransomware attack, while 36% reported they endured more than one such attack in that period.
Next up is Australia, where 67% of the respondents reported that their organization had suffered ransomware threats in the last 12 months. While in France, which occupies the third spot in the list, 60% of businesses faced ransomware attacks during the same period.
Rounding out the top five list are Germany and the United States. According to the survey, 59% of organizations in Germany had ransomware events, followed by the United States, where 58% of organizations experienced ransomware attacks in the period of the past 12 months.
Companies in the United Kingdom endured the least amount of ransomware threats. According to the survey, 39% of respondents said their organization was targeted by a ransomware attack in the past 12 months.
Asia Pacific companies pay the biggest ransom
Once attacked, organizations do not always pay ransom to cybercriminals. In fact, only 27% of respondents confirmed their organizations paid the cybercriminals as a result of a ransomware attack, with the average payment being $1.1 million per hack.
Organizations in the Asia Pacific paid most for ransomware attacks. The average ransom payment in this region in the last 12 months was $1.18 million.
Companies in Europe, the Middle East, and Africa regions do not fall far behind with ransomware payments. On average, a single ransom payment in the region cost victims $1.06 million.
Finally, businesses in the United States paid the least per ransom to cyber criminals compared to other regions featured in the survey. An average ransom payment in the United States was $0.99 million.
Tips on protecting organizations from ransomware attacks
With ransomware attacks posing an increasing threat to organizations around the world, it is essential to take all the possible precautions to minimize the risk of falling victim to cybercriminals. Here are some key things to remember:
Keep your software up to date – Regularly update the software you use. The updated software has the latest security patches, making it harder for cybercriminals to exploit system vulnerabilities. Also, do not forget to conduct regular software scans to ensure it operates efficiently.
Minimize administrative privileges – Restrict employees’ ability to install and run software applications on work devices outside of the responsible department.
Back up your data – Keep your data backed offline. This way, even if you experience a ransomware attack, you will not need to pay cybercriminals to get your valuable data back.
Educate employees – The majority of data breaches happen due to human error. Test your employees’ security awareness with phishing tests. This will help educate them on how cyberattacks may look like and keep them vigilant at all times.
If your organization has fallen victim to a ransomware attack, it is generally not advised to pay ransom to cybercriminals. Paying a ransom does not guarantee you will get your data back and also encourages the criminal behavior.
Instead, organizations should prepare an incident response plan, planning what actions need to be taken should the unfortunate event happen. While no organization is infallible to cyberattacks, having a response plan can mean you will come out of the situation with minimum damage.