- 54% of organizations were hit by ransomware in the past year
- Targeted organizations suffered two attacks on average
- Damages averaged at $133,000 but rose as high as $6.6 million
As the popularity of ransomware grows by the year, it seems that those that were unfortunate enough to get hit in the last year suffered multiple attacks. More specifically, according to Sophos, the cybersecurity company behind the survey, most organizations were hit twice on average. The survey questioned 2,700 IT professionals from all over the globe.
The results show that 54% of organizations suffered at least one ransomware attack in the past year and lost, on average, $133,000. While this average may look quite hefty already, the reality is that 5% of the respondents actually had their businesses lose much more money, namely between $1.3 and $6.6 million due to ransomware.
The estimates don’t include the cost of the ransomware fee because those are never too high, but also the lost work hours, the downtime suffered by the equipment, device and network costs, as well as the lost business opportunities. Just a reminder that the WannaCry ransomware attack, for instance, severely damaged multiple company networks across the globe, halting production for at least two carmakers – Renault and Nissan. WannaCry caused an estimated $1 billion in damage, but the total estimates for all ransomware damage in 2017 rose to $5 billion.
The sector that got hit the most by ransomware was the healthcare one, with 76% of respondents admitting they suffered such an attack in the past year. Then came energy, oil, gas, and utilities, with 65% of respondents confirming an attack. This list makes sense because these are sectors that usually have outdated IT infrastructures and have become easy targets for attackers.
It seems, however, that there’s no real rhyme behind the attacks – they’ll target both small and large organizations alike, with no discrimination. Any money is good money. Ransomware has created a situation where anyone can buy a kit from a dark web market and direct an attack wherever they want, hoping that some money will fall if the tree is shaken hard enough.