According to the SentinelOne
Global Ransomware Report 2018, more than half (53 percent) of U.S.
organizations that were infected with ransomware blamed legacy antivirus
protection for failing to prevent the attack. Nearly 7 out of 10 of
these companies have replaced legacy AV with next-gen endpoint
protection to prevent future ransomware infections. This distrust in
legacy AV further confirms the required shift to next-gen endpoint
protection in defending against today's most prominent information
security threats.
AV Fails to Foil Ransomware
Behind employee carelessness as
the primary cause (56 percent blamed this), failed legacy AV protection
is viewed as the leading factor in successful ransomware attacks,
followed by un-timely responses (33 percent). Legacy vendors have failed
to build solutions for new vectors - specifically, many legacy AVs still
lack basic anti-exploit capabilities. In addition to naming the most
common reasons for successful attacks, respondents indicated their level
of confidence in future defense with advanced technology:
-
Ninety six percent of respondents who were infected with ransomware
are confident they can prevent future attacks.
-
Sixty eight percent of confident respondents state this is because
they replaced legacy AV with next-gen endpoint protection.
Cost of Ransomware: Negotiation Leads to More Attacks
The
survey provides strong evidence that while ransomware attacks are on the
rise, an organization should never pay the ransom in an attack due to
the frequency of subsequent attacks, and infrequency of being able to
unlock encrypted files:
-
Forty five percent of U.S. companies hit with a ransomware attack last
year paid at least one ransom; but only 26 percent of these companies
had their files unlocked.
-
U.S. organizations that paid the ransoms we're targeted and attacked
again with ransomware 73 percent of the time.
Interestingly, 44 percent of respondents claim that employees have paid
a ransom without the involvement or sanction of IT/security teams. The
U.S. is also, on average, paying higher ransoms than any region
worldwide and spending more hours responding to infections:
-
The average value of ransoms paid by U.S. companies was $57,088
(global average is $49,060);
-
The average estimated business cost as a result of a ransomware attack
- including ransom, work-loss and time spent responding, is more than
$900,000;
-
The average number of employee hours dedicated to responding to
ransomware infection: 44 hours (global average: 40 hours).
Ransomware Impact Felt by Partners and Supply Chain
Research
also shows the significant negative impact ransomware attacks have on
third-party suppliers and partners of organizations suffering an
infection, magnifying the detriment attacks have on the U.S. business
community as a whole:
-
Forty six percent claim third-party suppliers and partners suffered
downtime;
-
Thirty five percent claim third-party suppliers and partners suffered
loss of productivity;
-
Twenty percent claim third-party suppliers and partners suffered loss
of revenue.
"Attackers are continually refining ransomware attacks to bypass legacy
AV and to trick unwitting employees into infecting their organization.
Paying the ransom isn't a solution either - attackers are treating
paying companies like an ATM, repeating attacks once payment is made,"
said Raj Rajamani, SentinelOne VP of Products. "The organizations with
the most confidence in stopping ransomware attacks have taken a
proactive approach and replaced legacy AV systems with next-gen endpoint
protection. By autonomously monitoring for attack behaviors in
real-time, organizations can detect and automatically stop attacks
before they take hold."