Ransomware continues its dominance as the most lucrative criminal business model in the history of malware, costing businesses upwards of $1 billion in 2016.
According to KnowBe4’s 2017 Endpoint Protection Ransomware Effectiveness Report, antivirus solutions have a marked inability to protect against ransomware. About 33% of respondents have experienced a ransomware attack in the past 12 months; out of those, 53% had deployed multiple solutions against ransomware but still became victim to it. And about half (48%) of the total number of respondents (72%) who had downloaded KnowBe4’s ransomware simulator, RanSim, were not able to detect the simulator’s behavior, despite their antivirus deployments.
“Ransomware is primarily delivered via a phishing email, which means your users have to be trained to identify it in order to prevent it, making antivirus ineffective at stopping ransomware,” said Stu Sjouwerman, CEO of KnowBe4. “It’s a simple concept—if users can learn not to click the link or open the attachment they won’t infect their workstation with ransomware! An important layer in any company’s security stack is the last line of defense—the human firewall that can be trained to detect a phishing email. Once organizations recognize this, their security posture improves dramatically.”
Of those impacted by ransomware, KnowBe4 found that on average six endpoints and two servers were affected in a given attack, meaning that the general assumption that ransomware takes over only one machine is inaccurate. The larger impact caused an average of 12 hours of user downtime and 12 hours of IT investment to remediate the problem.
Most (94%) businesses surveyed did not pay the ransom to decrypt their data. Those that did paid at a cost of between three to five bitcoins (respectively $3,780 to $6,300 at today’s exchange rate).
“As ransomware continues to explosively grow every business is at risk,” added Sjouwerman. “Our research findings are fascinating as they illustrate that most companies are in an arms race to deploy endpoint solutions such as antivirus protection, but their focus on this investment is leaving massive gaps that can be manipulated. The bottom line: even with antivirus, ransomware is going to get in.”
KnowBe4’s research found that having some level of security awareness training in place improved an organization’s ability to fend off ransomware. The organizations that combined online training with frequent phishing attack testing saw the lowest percentage (21%) of successful ransomware attacks in the last 12 months.
“Ultimately, as shown by the survey, antivirus solutions will help keep some measure of ransomware out, but will do little to truly stop the spread of ransomware,” the firm said in the report. “Continual training and testing of employees will help an organization create its strongest security posture.”