The level of reported ransomware incidents doesn't paint an accurate picture of what's really going on, as many victims remain unwilling to talk about what happened, the European Union's cybersecurity agency has warned.
According to ENISA, it wasn't possible to confirm whether a ransom was paid in 94.2% of all the incidents they analysed, something that the agency says "limits our understanding and thus our ability to perform a proper analysis and mitigate the threat of ransomware".
That isn't the only aspect of ransomware that is going underreported and it's making tracking incidents difficult as the report warns that many victims just don't report they've been a victim of a ransomware attack because they "prefer to deal with the problem internally and avoid bad publicity".
That leads to a lack of reliable data when it comes to painting a true picture about the state of ransomware attacks.
"The lack of reliable data from targeted organisations makes it very hard to fully understand the problem or even know how many ransomware cases there are," warns the report, which suggests the most reliable sources for finding out who has been a victim of a ransomware attack are the leak sites of cyber-criminal ransomware groups who publish data stolen in the attack.
This lack of transparency also means that it's difficult to investigate, analyze and learn lessons about how attacks work, hampering efforts to help protect other businesses from falling victim to similar incidents.
Public statements on what happened during attacks are rare, and in the few cases that are spoken about publicly, they often don't include details.
"Ransomware is thriving, and our research shows that threat actors are conducting indiscriminate attacks. Companies of every size across all sectors are affected. Anyone can become a target. We urge organisations to prepare for ransomware attacks and consider possible consequences before attacks occur," the ENISA paper said.
Steps that organisations can take to help protect their network from ransomware and other cyber threats include ensuring that users aren't using easy-to-guess common or default passwords, as well as providing all users with multi-factor authentication, so in the event that a password is stolen or a network is breached, it's harder for an intruder to abuse that access.