Despite the threat of ransomware being at an all-time high, a recent report from cybersecurity firm Kaspersky says that 45 per cent of employees in the U.S. and Canada wouldn’t know how to respond to a ransomware attack. Thirty-seven per cent don’t even know what it is.

Ransomware, characterized by attackers blocking access to critical data or services (usually through strong encryption) and demanding that the victim pay a ransom to regain access, can have devastating consequences. The report from Kaspersky estimated that ransomware could cost organizations $1 million on average, and in severe cases, more than $5 million.

Primary monetary damage is just one effect of ransomware. Downtime usually spells disaster for businesses large and small and is flat-out unacceptable for critical services like hospitals. Attackers often evaluate the importance of the service and capitalize on the urgency to restore service when demanding the ransom.


Research methodology

The Ransomware Revealed: Paying for the Protection of your Privacy study was conducted by research firm Opinion Matters via an online survey targeting 2,007 business employees aged 17 and older from the United States and 1,011 employees of the same age from Canada on their knowledge of ransomware in the workplace. The survey was conducted in November 2019. Not all survey results are included in this report.

During the COVID-19 pandemic, attackers exploited public anxiety by sending malicious emails disguised as health safety information. These emails tricked their recipients into providing login credentials for financial websites or installing malware on their machines, and frequently baited victims into executing ransomware programs.

According to Kaspersky, between 900,000 and 1.2 million users become targets of ransomware every six months. Also, attackers are becoming increasingly adept at sniffing out weak security systems, ambushing users at risk with surgical precision.

But opinions diverge on how to respond properly to a ransomware breach. Between Canada and the U.S., nearly 40 per cent of the survey respondents on average believe that companies should pay the ransom to retrieve personal data, but that’s partially due to employees (45 per cent of them) not knowing what other actions to take in case of an attack. And yet, 67 per cent of survey respondents would outright refuse to pay a ransom if they were to become a victim.

Most survey participants have no confidence that the attacker would return all stolen data. Source: Kaspersky.

While conceding to the attacker’s demands is the most direct way to restore operation, paying the ransom carries substantial risks and consequences. Firstly, there’s no guarantee that the attackers would keep the data anonymous or even return the data in full. Secondly, it sets a precedent and fuels motivation for future attacks.

A 2019 report by Emsisoft found that at least 966 public sector services were impacted by ransomware in 2019. Establishments like government agencies, education facilities, and healthcare providers remain especially at risk today.

How to prevent ransomware

In its survey, Kaspersky stressed that…
