How business executives perceive ransomware threat

May 2022

Introduction


Ransomware, as the name suggests, is malicious software designed to block access to a computer system or encrypt its data until a sum of money (a ransom) is paid. These attacks have been carried out on individuals and corporations, with some of the most notable attacks in recent years hitting major brands such as Renault, where an estimated 200,000 terminals were impacted, and JBS Foods, which took multiple production facilities offline.

As such, ransomware has become something of a buzzword within the corporate world, with large attacks on enterprises appearing in headlines month after month. But are businesses really impacted as much by ransomware as the headlines would suggest? And do business decision makers consider it a real threat or just another cybersecurity hype? Kaspersky interviewed 900 business decision-makers across the globe in an attempt to find out.

Methodology


Kaspersky conducted research with 900 respondents across North America, South America, Africa, Russia, Europe and Asia-Pacific. Research took place in April 2022 with those in senior non-IT management (such as CEO, VP and Director level) and business owners or partners at companies with 50 to 1,000 employees.

Key Findings


  • 60% of business executives and C-level respondents believe that the media makes out ransomware threats to be bigger than they actually are.
  • 64% of organizations have already been the victims of ransomware attacks. Amongst these, 79% paid the ransom to their attackers.
  • 88% of executives from companies that have previously been hit by ransomware said they would pay if attacked again.
  • Just 42% of companies would contact both a law enforcement agency and a cybersecurity incident response service if an incident occurs.

Ransomware is much more than just a buzzword


Ransomware is a growing issue for businesses across the world, with the number of attacks using ransomware almost doubling in 2021 alone. This can be attributed partly to the pandemic, which saw more people working from home. But with a hybrid working model looking set to stay, the likelihood of a ransomware attack remains present.

With the growing number of attacks and media hype around it, it is unsurprising that 100% of business decision makers have at least heard of ransomware – and 67% know ‘a lot’ about it. However, the majority of business decision makers (60%), believe the media presents attacks using ransomware as a bigger threat than they actually are.

Despite this, many organizations (66%) still anticipate attacks on their business, and there is a higher expectancy of attack amongst those who know a lot about ransomware (71%) than those who don’t (56%). This suggests that although executives may think these threats are an exaggeration, many are already preparing for if the worst happens.


Although all the business decision makers surveyed were aware of ransomware, they were less acquainted with the malware families that carry out such attacks. The most widely known ransomware family was DarkSide, with 46% recognizing its name. However, the most ‘famous’ attack, on Colonial Pipeline – the largest fuel pipeline in the US, which was hacked in Q2 2021 – was only identified by 26%. The best-known business ‘victim’ of ransomware was Acer, which experienced two ransomware attacks in 2021. Almost half of respondents (48%) had heard of an attack on this organization.

To pay or not to pay. That is the question


When an attack occurs it can seem tempting to pay the ransom to get it over and done with, and this is often what happens. Major businesses have been known to pay huge sums of money to ensure a timely resolution, such as Colonial Pipeline, which made a controversial payment of $4.4 million to hackers in 2021. But whether this is an efficient way to get the data back is an area of debate amongst IT professionals. Paying the ransom can be viewed as a quicker way of getting data restored; however, there is the risk that even after paying, a business’s data still might not be restored in its entirety.

The results of our research indicate that a company’s attitude towards paying a ransom changes if they have previously faced this type of attack. Interestingly, those companies that have paid ransom charges previously are more likely to pay again if they find themselves in a similar situation.

The survey revealed that almost two-thirds of organizations (64%) have already been victims of ransomware attacks. Amongst these, 79% paid the ransom, with 38% paying immediately to regain access to their business data as quickly as possible. Between those who know a lot about ransomware, and those who know little, the tendency to pay was more or less the same (79% and 80% respectively) but those with more awareness preferred to pay immediately (43%) compared to those that were less informed (26%).

When asked what they would do if they were attacked again, 88% of company executives that were previously attacked said they would pay the ransom if faced with another incident. Out of those that had paid previously, an overwhelming 97% said they would pay again – versus 67% of those who have never been victims before.

Of the companies that had yet to experience a ransomware attack, more than a quarter (28%) said they wouldn’t pay a ransom, even if it meant not being able to restore their data. However, that number dropped considerably for companies that had already been victims, to just 11%.

Having a previous experience of an attack, or multiple attacks, also influences whether companies report the crime to a law enforcement agency. Our survey shows that the greater the frequency of attacks, the more appealing this option becomes as a sole point of contact: 21% of those hit multiple times would most likely do so, compared to 19% of companies attacked only once and 12% of those who haven’t been attacked.

In addition, companies that have already experienced an attack appear to have a clearer understanding that their regular IT teams lack the necessary resources to respond to such a threat. Only 2% of businesses that have experienced multiple attacks would rely on their in-house IT team alone, compared to 7% of those who haven’t had a ransomware attack.

Conclusion


Our research shows a worrying tendency for companies that have already been a victim of ransomware to pay up, encouraging cybercriminals to continue their attacks – and going against the advice of law enforcement agencies, who recommend never paying, so as not to encourage future attacks.

The willingness for companies to pay these demands could be down to a lack of awareness on how to respond to such threats, and the length of time it takes to restore data – with businesses often losing more money waiting for restoration than paying the ransom.

Whatever the reason may be, it is better to prevent the ransomware attack in the first place than deal with the aftermath. Ahead of Anti-Ransomware Day 2022, Kaspersky encourages businesses to follow these simple and effective recommendations to help protect against future ransomware attacks:

  • Always keep up-to-date copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device). These should be stored not only on a physical device but also in cloud storage for greater reliability. Make sure you can quickly access your backups in the event of an emergency.
  • Install all security updates as soon as they become available. Always update your operating system and software to eliminate recent vulnerabilities.
  • Provide security education to your staff. Explain that by following simple rules, employees can help prevent ransomware incidents. Check out dedicated training courses, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
  • Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
  • Enterprise companies are recommended to use anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents, as well as access to the latest threat intelligence. An MDR provider can help to effectively hunt any advanced ransomware attack. All of the above is available within Kaspersky Expert Security.
  • If you become a victim, never pay the ransom. It won’t guarantee you get your data back but will encourage criminals to continue their business. Instead, report the incident to your local law enforcement agency. Try to find a decryptor on the internet – some of these are available at nomoreransom.org.