Ransomware attacks are hitting a lot of organizations and many are getting attacked multiple times. According to a study released on November 18 by security firm SentinelOne, over the past 12 months, 50 percent of organizations have responded to a ransomware campaign.
The study was conducted for SentinelOne by research firm Vanson Bourn and surveyed 500 cyber-security professionals across the United States, U.K., France and Germany. To add insult to injury, the study found that of those organizations that suffered a ransomware attack in the past 12 months, 85 percent stated that they were hit with three or more attacks.
Jeremiah Grossman, Chief of Security Strategy at SentinelOne, was not all that surprised that the study found such a high percentage of ransomware attacks.
“Based on various industry reports, we already had a good sense that ransomware losses were fairly high—at least in the hundreds of millions annually,” Grossman told eWEEK. “We also knew the individual ransoms averaged somewhere in between $500-$2,000, with some organizations paying around $20,000 (U.S.).”
Kaspersky Lab’s IT Threat Evolution Q3 2016 report, for example, found that 821,865 Kaspersky users were attacked by some form of ransomware in the third quarter, which was 2.6 times more than the previous quarter.
Grossman noted that SentinelOne had assumed that the number of victims across the board had to be fairly large, which the survey helped to confirm.
“It’s also encouraging that so many organizations were willing to share that they were victimized—this shows that the industry may be starting to overcome the stigma associated with breach disclosure,” Grossman said.
In terms of how ransomware is getting to organizations, 83 percent of respondents to SentinelOne’s study reported that the attacks came through phishing emails or social media. Additionally, 59 percent admitted that ransomware attackers gained access after users clicked on links found on compromised websites. In terms of data that is most often impacted by ransomware attacks, 52 percent indicated that financial data was most often affected.
Given that so many ransomware attacks get through to user systems via user actions, such as clicking on links, the simple solution might just be to tell users not to click on things form unknown sources. however, in Grossman’s view, simply advising users to not click isn’t enough.
“We could instruct users to not click on attachments in email, in fact many have, only to find that the guidance doesn’t work well long-term,” Grossman said. “Eventually, users will make a mistake. We all do.”
Grossman added that in his personal opinion, users should be able to click on whatever they want, without having to worry about whether it will negatively impact their computing environment.
“Idealistic as this concept might be, this is the approach we’re reaching towards,” Grossman said.
Enabling users to click on whatever they want, without falling victim to malware and ransomware is not an easy task. 52 percent of respondents agreed that they have lost faith in traditional cyber-security, such as antivirus.
“Anti-malware is often something organizations have to buy, whether they have faith in the protection it provides or not,” Grossman said. “So they’ll continue to buy the traditional products until something better comes along, and that’s what we’re seeing now.”
SentinelOne itself provides a product that aims to limit the risks of ransomware. Grossman noted that if the SentinelOne software is properly installed and configured on the endpoint, his firm has not seen any infections.
Ransomware operations are often run as large campaigns that only rely on a small number of users to pay-up, to actually be successful. Check Point released a study on August 18 of the Cerber Ransomware family which found that only 0.3 percent of victims paid a ransom.
Grossman commented that since ransomware distribution doesn’t require much in terms of resources, extortionists will run campaigns back-to-back, track their results and constantly improve their methods.
One of the most often asked questions when it comes to ransomware is whether or not it makes sense to pay a ransom or to buy security software.
“It isn’t cheaper to purchase anti-malware products, ransoms tend to be extremely cheap,” Grossman said. “The risk, of course, is that there is no guarantee that the extortionist will hold up their end of the bargain and provide the deception key.”
Additionally, there’s also the risk that ransomware attackers will come back soon after an initial payment is made, with a second payment demand.
“Time is money as they say,” Grossman said. “So, it’s better and safer to purchase the best preventative measures you can, biased towards vendors that guarantee performance, and also be prepared for fast detection and recovery.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.