Ransomware gangs are still using phishing as one of the main ways to attack an organization, according to a new survey from Cloudian featuring the insights of 200 IT decision-makers who experienced a ransomware attack over the last two years.
More than half of all respondents have held anti-phishing training among employees, and 49% had perimeter defenses in place when they were attacked.
Nearly 25% of all survey respondents said their ransomware attacks started through phishing, and of those victims, 65% had conducted anti-phishing training sessions. For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one-third of all victims said their public cloud was the entry point ransomware groups used to attack them.
"This reflects the increasing sophistication of phishing schemes, with attackers now mimicking emails from trusted associates such as high-level executives (known as 'whaling' attacks). These emails will sometimes include personal details, usually gleaned from social media, making it more likely that even a wary individual will fall prey," the report explained.
The speed of ransomware groups is also startling, with 56% saying ransomware actors managed to take over their data and send a ransom demand in under 12 hours. 30% said their data was taken in 24 hours. For companies attacked through phishing, 76% of victims noted that attackers took over systems within 12 hours.
The report added that "44% of respondents' total data was held hostage, with financial, operational, customer and employee data all being targeted." Enterprises experienced an average downtime of three days.
The average financial cost for respondents was nearly $500,000, and 55% said they ended up paying the ransom, with an average ransom cost of $223,000. Nearly 15% said they paid $500,000 or more. Even after paying, just 57% were able to get all of their data back.
"The findings reveal the cold, hard truth about such attacks: They are hard to prevent even when you're prepared. Ransomware can penetrate quickly, significantly impacting an organization's financials, operations, customers, employees and reputation. Even if you pay the ransom, other related costs can be significant," the report said.
The other costs associated with responding to a ransomware attack added up to an average of $183,000. On average, victims got 60% of their costs covered through cyber insurance. But almost 90% of victims said their cyber insurance rates increased after they were attacked, and there was an average increase of 25%.
According to the survey, more than half of respondents dealt with additional impacts to "their financials, operations, employees, customers and reputation."
"The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it," said Jon Toor, chief marketing officer at Cloudian.
Read the full report: 2021 Ransomware Victims Report.